Vulnerabilities (CVE)

Filtered by vendor Drobo Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-14704	1 Drobo	2 5n2, 5n2 Firmware	2018-12-20	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path.
CVE-2018-14698	1 Drobo	2 5n2, 5n2 Firmware	2018-12-20	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter.
CVE-2018-14697	1 Drobo	2 5n2, 5n2 Firmware	2018-12-20	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter.