CVE-2021-42080 - Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355

CVE	CVE-2021-42080
Credits	Wietse Boonstra
Affected products	Product Affected Unaffected Unknown OSNEXUS QuantaStor >= semver 0 to < 6.0.0.355 everything else
CVSS	Base score: 6.5 (MEDIUM)
References	https://www.wbsec.nl/osnexus ( third-party-advisory ) https://www.divd.nl/DIVD-2021-00020 ( third-party-advisory ) https://www.osnexus.com/products/software-defined-storage ( product ) https://csirt.divd.nl/CVE-2021-42080 ( third-party-advisory )
Problem type(s)	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Solution(s)	Upgrade to the latest version of OSNEXUS QuantaStor.
Last modified	05 Jul 2023 21:48

Description

JSON version