DOM-based XSS Vulnerability in Lenovo Enterprise Network Disk
CVE-2020-8348
6.1MEDIUM
What is CVE-2020-8348?
A security vulnerability exists within Lenovo's Enterprise Network Disk that permits a DOM-based cross-site scripting (XSS) attack. This flaw, found in versions prior to 6.1 patch 6 hotfix 4, could allow an attacker to execute arbitrary code within the browser session of an authenticated user if they are tricked into visiting a specially crafted URL. Users are advised to exercise caution against potential phishing attempts that exploit this vulnerability.
Affected Version(s)
Enterprise Network Disk < 6.1 patch 6 hotfix 4