CVE-2018-12297

Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt