6.1
CVE-2021-37216
- EPSS 4.04%
- Veröffentlicht 02.08.2021 12:15:08
- Zuletzt bearbeitet 21.11.2024 06:14:52
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginQSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Qsan ≫ Xn8024r Firmware Version3.1.5
Qsan ≫ Xn8008t Firmware Version3.3.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.04% | 0.882 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| twcert@cert.org.tw | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.