Vulnerabilities > Lenovo > IX4 300D Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-28 CVE-2018-9081 Cross-site Scripting vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS.
network
high complexity
lenovo CWE-79
4.7
2018-09-28 CVE-2018-9080 Improper Authentication vulnerability in Lenovo products
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value.
network
high complexity
lenovo CWE-287
5.9