Unfiltered Special Characters in QSAN Storage Manager Header Page Parameters Allow Remote XSS Attacks

CVE-2021-37216 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
