Description
The header page parameters of QSAN Storage Manager do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
Simultaneously
cpe:2.3:o:qsan:xn8024r_firmware:3.1.5:*:*:*:*:*:*:*
cpe:2.3:h:qsan:xn8024r:-:*:*:*:*:*:*:*
Configuration 2
Simultaneously
cpe:2.3:o:qsan:xn8008t_firmware:3.3.2:*:*:*:*:*:*:*
cpe:2.3:h:qsan:xn8008t:-:*:*:*:*:*:*:*
EPSS
Percentile: 88%
0.0404
Low
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
github
about 3 years ago
The header page parameters of QSAN Storage Manager do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
EPSS
Percentile: 88%
0.0404
Low
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Weaknesses
CWE-79