QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-07-30T00:00:00
Updated: 2021-08-02T11:18:56
Reserved: 2021-07-21T00:00:00
Link: CVE-2021-37216
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-02T12:15:08.183
Modified: 2021-08-10T16:08:24.970
Link: CVE-2021-37216
JSON object: View
Redhat Information
No data.
CWE