CVE-2021-42083

Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335

CVE CVE-2021-42083
Title Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335
Credits
Affected products
Product Affected Unaffected Unknown
OSNEXUS QuantaStor on Windows, Linux >= 0 to < 6.0.0.355 (semver)
everything else
CVSS Base score: 8.7 (HIGH)
References
Problem type(s) CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Date published
Last modified 11 Mar 2025 13:39 UTC

Description

An authenticated attacker is able to create alerts that trigger a stored XSS attack.

POC


  1. go to the alert manager

  2. open the ITSM tab

  3. add a webhook with the URL/service token value

    ' -h && id | tee /tmp/ttttttddddssss #'

    (whitespaces are tab characters)

  4. click add

  5. click apply

  6. create a test alert

  7. The test alert will run the command

    id | tee /tmp/ttttttddddssss

    as root.

  8. after the test alert inspect

    /tmp/ttttttddddssss

    it'll contain the ids of the root user.


Solution(s)

Upgrade to the latest version of OSNEXUS QuantaStor.

JSON version.