Reflective Cross-Site Scripting Vulnerability in Lenovo Enterprise Network Disk
CVE-2020-8347

6.1MEDIUM

Key Information:

Vendor: Lenovo
Status: Enterprise Network Disk
Vendor: CVE Published:; 24 September 2020

What is CVE-2020-8347?

A reflective cross-site scripting (XSS) vulnerability was identified in Lenovo Enterprise Network Disk. If an authenticated user visits a maliciously crafted URL, this vulnerability could allow an attacker to execute arbitrary code within the user's browser. This risk may be exploited through phishing schemes, making it imperative for users to stay vigilant and ensure their software is updated to the latest version to mitigate potential threats.

Affected Version(s)

Enterprise Network Disk < 6.1 patch 6 hotfix 4

References

https://iknow.lenovo.com.cn/detail/dc_191492.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2020
Vulnerability Reserved
Jan 28, 2020

Credit

Lenovo thanks jingzhe for reporting this issue.