CVE-2021-37216
QSAN Storage Manager - Reflected Cross-Site Scripting
In short
QSAN Storage Manager's header page allows attackers who are not logged in to inject malicious JavaScript code that runs in users' browsers. The injected script can trick users into revealing sensitive information or modify their data.
Technical detail
Reflected XSS vulnerability in QSAN Storage Manager header page parameters due to insufficient input validation of special characters. Unauthenticated remote attackers can craft malicious URLs containing JavaScript payloads that execute in victims' browsers, potentially leading to session hijacking, credential theft, or unauthorized data modification.
Summary generated and translated by AI from the official description.
QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N