Cross-site Scripting Vulnerability in Seagate NAS OS
CVE-2018-12304
6.1MEDIUM
What is CVE-2018-12304?
A cross-site scripting vulnerability exists in the Application Manager of Seagate NAS OS version 4.3.15.1. This vulnerability allows attackers to execute arbitrary JavaScript code by exploiting multiple application metadata fields such as Short Description, Publisher Name, Publisher Contact, or Website URL. Successful exploitation can lead to unauthorized actions performed by unsuspecting users, highlighting the importance of keeping software updated to protect against such security risks.