Cross-Site Scripting Vulnerabilities in Seagate BlackArmor NAS 220 Devices
CVE-2013-6923

Currently unrated

Key Information:

Vendor: Seagate
Status: Blackarmor Nas 220 Firmware; Blackarmor Nas 220
Vendor: CVE Published:; 9 January 2014

What is CVE-2013-6923?

The Seagate BlackArmor NAS 220 has multiple vulnerabilities that allow remote attackers to exploit cross-site scripting (XSS) weaknesses. By injecting malicious scripts or HTML through specific parameters in the admin interface, including 'fullname' and 'workname', attackers can potentially gain unauthorized access or control. This vulnerability underscores the importance of securing administrative interfaces from untrusted input.

References

http://packetstormsecurity.com/files/124685

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/90111

vdb-entryx_refsource_XF

http://www.exploit-db.com/exploits/30727

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2014
Vulnerability Reserved
Dec 3, 2013

JSON