{"vulnerability": "CVE-2018-1230", "sightings": [{"uuid": "b60b5b68-e387-4240-aa89-af47dfb2f7f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-12301", "type": "seen", "source": "https://t.me/cibsecurity/4262", "content": "ATENTION\u203c New - CVE-2018-12301\n\nUnvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-05-13T16:26:11.000000Z"}, {"uuid": "455aac26-b2a7-4c24-a1ff-23680dca49d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-12300", "type": "seen", "source": "https://t.me/cibsecurity/4263", "content": "ATENTION\u203c New - CVE-2018-12300\n\nArbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-05-13T16:26:12.000000Z"}, {"uuid": "8c438731-7f1c-45d4-84ab-dc155d7c4de6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-12303", "type": "seen", "source": "https://t.me/cibsecurity/4260", "content": "ATENTION\u203c New - CVE-2018-12303\n\nCross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-05-13T16:26:09.000000Z"}, {"uuid": "07c83457-b492-4b5a-bce5-d1135e2cb3f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-12302", "type": "seen", "source": "https://t.me/cibsecurity/4261", "content": "ATENTION\u203c New - CVE-2018-12302\n\nMissing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-05-13T16:26:10.000000Z"}]}