
CVE-2021-42080

Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355

CVE: CVE-2021-42080
Title: Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
Credits:
Affected products:
  Product Affected Unaffected Unknown
  OSNEXUS QuantaStor >= 0 to < 6.0.0.355 (semver)
  everything else
CVSS: Base score: 7.4 (HIGH)
References:
Problem type(s): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Date published:
Last modified: 11 Mar 2025 13:39 UTC

Description

An attacker is able to launch a Reflected XSS attack using a crafted URL.

POC:

Visit the following URL
https://<IPADDRESS>:8153/qstorapi/echo?inputMessage=<img%20src=x%20onerror=alert(document.cookie)>

Solution(s)

Upgrade to the latest version of OSNEXUS QuantaStor.
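
To check whether the echo endpoint was exercised with markup, the following added example (not part of the advisory and not OSNEXUS code) scans web access logs for requests to /qstorapi/echo whose inputMessage parameter decodes to an HTML tag. It assumes the logs are in Combined Log Format; the sample lines are constructed and reuse only the payload shown in the POC above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Combined Log Format; adjust REQUEST_RE for other layouts.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# An HTML tag opener has no business in an echo message.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]', re.IGNORECASE)
ECHO_PATH = "/qstorapi/echo"   # endpoint named in the advisory
ECHO_PARAM = "inputMessage"    # parameter named in the advisory


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded values are normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_echo_requests(log_lines):
    """Return (source, decoded inputMessage) for echo requests carrying markup."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m.group("target"))
        if parts.path.rstrip("/") != ECHO_PATH:
            continue
        # parse_qs decodes once; fully_decode handles any further layers.
        for raw in parse_qs(parts.query, keep_blank_values=True).get(ECHO_PARAM, []):
            message = fully_decode(raw)
            if MARKUP_RE.search(message):
                hits.append((m.group("src"), message))
    return hits


# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Mar/2025:13:00:01 +0000] "GET /qstorapi/echo?inputMessage=hello HTTP/1.1" 200 31 "-" "curl/8.0"',
    '198.51.100.7 - - [11/Mar/2025:13:00:05 +0000] "GET /qstorapi/echo?inputMessage=<img%20src=x%20onerror=alert(document.cookie)> HTTP/1.1" 200 78 "-" "-"',
    '203.0.113.5 - - [11/Mar/2025:13:00:09 +0000] "GET /qstorapi/echo?inputMessage=%3Cimg%20src=x%20onerror=alert(document.cookie)%3E HTTP/1.1" 200 78 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [11/Mar/2025:13:00:12 +0000] "GET /favicon.ico HTTP/1.1" 200 900 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for src, message in suspicious_echo_requests(SAMPLE_LOG):
        print(f"{src}\t{message}")
```

A hit shows that the endpoint received markup, not that a victim's browser executed it; the response body and the client's session activity still need review.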

