Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/02/06 4:24 a.m.11 views

CVE-2021-4406

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

9.1CVSS6.7AI score0.00964EPSS
Exploits0References1
osv
osv
added 2023/07/10 4:15 p.m.6 views

CVE-2021-4406

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

7.2CVSS5.8AI score0.00964EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2023/07/10 6:29 a.m.16 views

CVE-2021-4406 Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

9.1CVSS6.6AI score0.00964EPSS
Exploits0References3
cvelist
cvelist
added 2023/07/10 6:29 a.m.30 views

CVE-2021-4406 Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

9.1CVSS9.6AI score0.00964EPSS
Exploits0References3
cve
cve
added 2023/07/10 6:29 a.m.50 views

CVE-2021-4406

CVE-2021-4406 affects OSNEXUS QuantaStor. Reports in multiple connected documents (including CVE lists and vendor CSAs) describe an authenticated attacker who can create alerts in the alerts management dialog that trigger a stored XSS, with the test alert running a command as root via a webhook/U...

9.1CVSS6.6AI score0.00964EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder