CVE-2018-9079

Name of the Vulnerable Software and Affected Versions Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier

Description The issue allows adversaries to craft URLs that can modify the Document Object Model (DOM) of a page. Additionally, they can inject HTML script tags and HTML tags with JavaScript handlers, enabling the execution of arbitrary JavaScript with the origin of the device.

Recommendations For versions 4.1.402.34662 and earlier, as a temporary workaround, consider restricting access to the DOM to minimize the risk of exploitation. Avoid using JavaScript handlers in HTML tags until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.