First published: Fri Sep 28 2018
For some Iomega, Lenovo, and LenovoEMC NAS devices running versions 4.1.402.34662 and earlier, the file names used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting (self-XSS). As a result, adversaries can add files with a cross-site scripting payload in their names to shares accessible from the Content Viewer, and wait for a user to try to rename the file for the payload to trigger.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Storcenter Px12-450r Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px12-450r | | |
Lenovo Storcenter Px12-400r Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px12-400r | | |
Lenovo Storcenter Px4-300r Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px4-300r | | |
Lenovo Storcenter Px6-300d Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px6-300d | | |
Lenovo Storcenter Px4-300d Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px4-300d | | |
Lenovo Storcenter Px2-300d Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px2-300d | | |
Lenovo Storcenter Ix4-300d Firmware | =4.1.402.34662 | |
Lenovo Storcenter Ix4-300d | | |
Lenovo Storcenter Ix2 Firmware | =4.1.402.34662 | |
Lenovo Storcenter Ix2 | | |
Lenovo Storcenter Ix2-dl Firmware | =4.1.402.34662 | |
Lenovo Storcenter Ix2-dl | | |
Lenovo Ez Media & Backup Center Firmware | =4.1.402.34662 | |
Lenovo Ez Media & Backup Center | | |
Lenovo Px12-450r Firmware | =4.1.402.34662 | |
Lenovo Px12-450r | | |
Lenovo Px12-400r Firmware | =4.1.402.34662 | |
Lenovo Px12-400r | | |
Lenovo Px4-400r Firmware | =4.1.402.34662 | |
Lenovo Px4-400r | | |
Lenovo Px4-300r Firmware | =4.1.402.34662 | |
Lenovo Px4-300r | | |
Lenovo Px6-300d Firmware | =4.1.402.34662 | |
Lenovo Px6-300d | | |
Lenovo Px4-400d Firmware | =4.1.402.34662 | |
Lenovo Px4-400d | | |
Lenovo Px4-300d Firmware | =4.1.402.34662 | |
Lenovo Px4-300d | | |
Lenovo Px2-300d Firmware | =4.1.402.34662 | |
Lenovo Px2-300d | | |
Lenovo Ix4-300d Firmware | =4.1.402.34662 | |
Lenovo Ix4-300d | | |
Lenovo Ix2 Firmware | =4.1.402.34662 | |
Lenovo Ix2 | | |