CVE-2021-42080
Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
CVE | CVE-2021-42080 | |||||||||||
Title | Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355 | |||||||||||
Credits |
|
|||||||||||
Affected products |
|
|||||||||||
CVSS |
Base score:
7.4
(HIGH) |
|||||||||||
References |
|
|||||||||||
Problem type(s) | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||||||||
Date published | ||||||||||||
Last modified | 11 Mar 2025 13:39 UTC |
Description
An attacker is able to launch a Reflected XSS attack using a crafted URL.
POC:
Visit the following URL
POC:
Visit the following URL
https://<IPADDRESS>:8153/qstorapi/echo?inputMessage=<img%20src=x%20onerror=alert(document.cookie)>
Solution(s)
Upgrade to the latest version of OSNEXUS QuantaStor.
JSON version.