CVE-2021-37216
QSAN Storage Manager - Reflected Cross-Site Scripting
- Severity Score: 6.1 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
Credits: N/A
Timeline
- 2021-07-21 CVE Reserved
- 2021-08-02 CVE Published
- 2024-08-02 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (1)
URL | Tag | Source |
---|---|---|
https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Qsan | Xn8024r Firmware | 3.1.5 | - | Affected | in | Qsan | Xn8024r | - | - | Safe |
Qsan | Xn8008t Firmware | 3.3.2 | - | Affected | in | Qsan | Xn8008t | - | - | Safe |