Loading HuntDB...

GHSA-m3g4-7856-hf77

GitHub Security Advisory

⚠ Unreviewed MODERATE Has CVE

Advisory Details

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.

Related CVEs

Key Information

GHSA ID
GHSA-m3g4-7856-hf77
Published
May 14, 2022 1:58 AM
Last Modified
May 14, 2022 1:58 AM
CVSS Score
5.0 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: August 30, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.