CVE-2021-37216

Summary

QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.

Affected Software

VendorProductVersion RangeStatus
QSANStorage Manager XN8008Tunspecified <= 3.3.2affected
QSANStorage Manager XN8024Runspecified <= 3.1.5affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References