PT-2018-18842 · Iomega+1 · Iomega+1

Published: 2018-09-28 · Updated: 2018-11-16 · CVE-2018-9081

CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier

Description

The issue affects the Content Viewer application, where file names used for assets are vulnerable to self cross-site scripting (self-XSS). An adversary can add a file to a share with a cross-site scripting payload in its file name. The payload is triggered when a user attempts to rename the file.

Recommendations

For versions 4.1.402.34662 and earlier, consider restricting access to the Content Viewer application until a fix is available. As a temporary workaround, avoid renaming files with suspicious names in the Content Viewer to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
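A triage check to support the workaround above, as an added example that is not part of the original advisory or any vendor code: it walks a mounted share and lists names containing HTML markup characters so they can be dealt with outside Content Viewer, and shows the output escaping a viewer needs when it displays a name. The character set, the handler pattern and all function names are assumptions; the advisory does not say which characters the application mishandles.

```python
import html
import os
import re
import sys

# Characters that let a name break out of HTML text or attribute context.
# Assumption: the advisory does not list the characters Content Viewer mishandles.
MARKUP = re.compile(r"[<>\"]")
# Assumed stronger signal: an inline event-handler attribute or a script URL scheme.
HANDLER = re.compile(r"\bon[a-z]+\s*=|javascript:", re.IGNORECASE)

def classify(name):
    """Return 'high', 'review' or None for one file or directory name."""
    if not MARKUP.search(name):
        return None
    return "high" if HANDLER.search(name) else "review"

def audit_share(root):
    """Walk a mounted share; return sorted (severity, relative path) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            severity = classify(name)
            if severity:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((severity, rel))
    return sorted(findings)

def safe_label(name):
    """Emit a name into HTML as escaped text, never as markup."""
    return html.escape(name, quote=True)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for severity, rel in audit_share(root):
        # repr() keeps control characters in a name away from the terminal.
        print(f"{severity:6} {rel!r}")
```

Run it against the share's mount point from a client machine; entries marked `high` are the ones to rename or remove over the file protocol rather than through Content Viewer.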

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-9081

Affected Products

Iomega
LenovoEMC NAS