Vulnerability Details CVE-2021-37216
QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 88.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-37216
-
cpe:2.3:h:qsan:xn8008t:-
-
cpe:2.3:h:qsan:xn8024r:-
-
cpe:2.3:o:qsan:xn8008t_firmware:3.3.2
-
cpe:2.3:o:qsan:xn8024r_firmware:3.1.5