Description
QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| QSAN | Storage Manager XN8008T | affected |
|
||||||
| QSAN | Storage Manager XN8024R | affected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
No data.
No data available yet.
Remediation
Vendor Solution
Update QSAN Storage Manager to version 3.3.3
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2021-23790 | QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data. |
References
| Link | Providers |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html |
|
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published:
Updated: 2024-09-16T21:57:49.436Z
Reserved: 2021-07-21T00:00:00.000Z
Link: CVE-2021-37216
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-02T12:15:08.183
Modified: 2024-11-21T06:14:52.983
Link: CVE-2021-37216
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses