PT-2014-3218 · Seagate · Seagate Blackarmor Nas 220

Jeroen · Published 2014-01-09 · Updated 2017-08-29 · CVE-2013-6923

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Seagate BlackArmor NAS 220 version sg2000-2000.1331

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the fullname parameter to "admin/access control user edit.php" and the workname parameter to "admin/network workgroup domain.php" are vulnerable.

Recommendations

For version sg2000-2000.1331, avoid using the fullname parameter in "admin/access control user edit.php" and the workname parameter in "admin/network workgroup domain.php" until the issue is resolved. As a temporary workaround, consider restricting access to these parameters to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2013-6923

Affected Products

Seagate Blackarmor Nas 220