CVE-2021-37216 QSAN Storage Manager - Reflected Cross-Site Scripting

🗓️ 02 Aug 2021 11:18:56Reported by twcertType

QSAN Storage Manager allows remote attackers to launch reflected XSS attacks via unfiltered special characters in header page parameter

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2021-37216	2 Aug 202116:27	–	circl
CNNVD	QSAN Storage Manager 跨站脚本漏洞	2 Aug 202100:00	–	cnnvd
CVE	CVE-2021-37216	2 Aug 202111:18	–	cve
EUVD	EUVD-2021-23790	7 Oct 202500:30	–	euvd
Nuclei	QSAN Storage Manager <3.3.3 - Cross-Site Scripting	22 Jun 202605:20	–	nuclei
NVD	CVE-2021-37216	2 Aug 202112:15	–	nvd
OSV	CVE-2021-37216	2 Aug 202112:15	–	osv
Prion	Cross site scripting	2 Aug 202112:15	–	prion

[
  {
    "product": "Storage Manager XN8008T",
    "vendor": "QSAN",
    "versions": [
      {
        "lessThanOrEqual": "3.3.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Storage Manager XN8024R",
    "vendor": "QSAN",
    "versions": [
      {
        "lessThanOrEqual": "3.1.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
twcert	www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html

02 Aug 2021 11:18Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.16.1

EPSS0.03186

CWE-79