Main Vulnerability Database SB2019051322

SB2019051322 - Cross-site scripting in Seagate NAS OS

Published: May 13, 2019 Updated: August 8, 2020

Security Bulletin ID SB2019051322

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2018-12304)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.

Remediation

Install update from vendor's website.

References

https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170