GCVE - cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:*

part: o version: 4.3.15.1 update: *

Vendor	Seagate (`32889122-7b7d-5a01-9d8b-1aaacddd8bee`)
Product	Nas Os (`37a18e42-d321-54f6-8deb-f5a6401464e0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-12304`	vulnerable	2026-06-03 14:38:04.154192	Details available Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL. Published: 2019-05-13T12:40:24.000Z Updated: 2024-08-05T08:30:59.997Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12303`	vulnerable	2026-06-03 14:38:04.153917	Details available Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names. Published: 2019-05-13T12:39:37.000Z Updated: 2024-08-05T08:30:59.697Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12302`	vulnerable	2026-06-03 14:38:04.153662	Details available Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting. Published: 2019-05-13T12:38:56.000Z Updated: 2024-08-05T08:30:59.775Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12301`	vulnerable	2026-06-03 14:38:04.153396	Details available Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost. Published: 2019-05-13T12:38:07.000Z Updated: 2024-08-05T08:30:59.985Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12300`	vulnerable	2026-06-03 14:38:04.153101	Details available Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter. Published: 2019-05-13T12:36:58.000Z Updated: 2024-08-05T08:30:59.824Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12299`	vulnerable	2026-06-03 14:38:04.152810	Details available Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names. Published: 2019-05-13T12:35:33.000Z Updated: 2024-08-05T08:30:59.654Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12298`	vulnerable	2026-06-03 14:38:04.152504	Details available Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path. Published: 2019-05-13T12:34:50.000Z Updated: 2024-08-05T08:30:59.653Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12297`	vulnerable	2026-06-03 14:38:04.152190	Details available Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names. Published: 2019-05-13T12:33:43.000Z Updated: 2024-08-05T08:30:59.598Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12296`	vulnerable	2026-06-03 14:38:04.151856	Details available Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests. Published: 2019-05-13T12:32:56.000Z Updated: 2024-08-05T08:30:59.730Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12295`	vulnerable	2026-06-03 14:38:04.151445	Details available SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter. Published: 2019-05-13T12:31:26.000Z Updated: 2024-08-05T08:30:59.778Z Open on db.gcve.eu Reference links https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.