Cross-site Scripting Vulnerability in Seagate NAS Operating System
CVE-2018-12297

6.1MEDIUM

Key Information:

Vendor

Seagate

Status
Nas Os
Vendor
CVE Published:
13 May 2019

What is CVE-2018-12297?

A cross-site scripting vulnerability exists in the API error pages of the Seagate NAS OS version 4.3.15.1. This flaw allows attackers to inject malicious JavaScript via specially crafted URL path names, potentially compromising user security by executing unauthorized scripts in the victim’s browser.

References

https://blog.securityevaluators.com/invading-your-persona...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.