5 matches found
CVE-2021-4406
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...
CVE-2021-4406
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...
CVE-2021-4406
CVE-2021-4406 affects OSNEXUS QuantaStor. Reports in multiple connected documents (including CVE lists and vendor CSAs) describe an authenticated attacker who can create alerts in the alerts management dialog that trigger a stored XSS, with the test alert running a command as root via a webhook/U...
CVE-2021-4406 Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...
CVE-2021-4406 Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...