CVE-2021-42083
Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335
| CVE | CVE-2021-42083 | |||||||||||
| Title | Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335 | |||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| CVSS |
Base score:
8.7
(HIGH) |
|||||||||||
| References |
|
|||||||||||
| Problem type(s) | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||||||||
| Date published | ||||||||||||
| Last modified | 02 Jan 2024 18:32 UTC |
Description
An authenticated attacker is able to create alerts that trigger a stored XSS attack.
Solution(s)
Upgrade to the latest version of OSNEXUS QuantaStor.
JSON version.