CVE-2018-9079 Vulnerability Details

  /     /     /  

CVE-2018-9079 Metadata Quick Info

CVE Published: 28/09/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: lenovo | Vendor: Lenovo Group LTD | Product: Iomega StorCenter
Status : PUBLISHED

---

CVE-2018-9079 Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Arbitrary code execution
Source: Lenovo Group LTD

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).