CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8348
https://notcve.org/view.php?id=CVE-2020-8348
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing. Se reportó una vulnerabilidad de tipo cross-site scripting (XSS) basado en DOM en Lenovo Enterprise Network Disk versiones anteriores a 6.1 parche 6 hotfix 4 que podría permitir una ejecución de código en la sesión actual del navegador de un usuario autenticado si es visitada una URL diseñada, posiblemente por medio de phishing. • https://iknow.lenovo.com.cn/detail/dc_191492.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8347
https://notcve.org/view.php?id=CVE-2020-8347
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing. En Lenovo Enterprise Network Disk versiones anteriores a 6.1, parche 6, hotfix 4, se reportó una vulnerabilidad de tipo cross-site scripting (XSS) reflejado que podría permitir una ejecución de código en el navegador de un usuario autenticado si es visitada una URL diseñada, posiblemente por medio de phishing. • https://iknow.lenovo.com.cn/detail/dc_191492.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •