Skip to main content

CVE-2021-37216

Description

QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.

TWCERT/CC
Severity: MEDIUM
CVE ID: CVE-2021-37216
CVSS Score: 6.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2021-37216
Last updated on by Vulnerability_bot_v1.3.9