Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 4:24 a.m.11 views

CVE-2021-4406

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

9.1CVSS6.7AI score0.00964EPSS
Exploits0References1
OSV
OSV
added 2023/07/10 4:15 p.m.6 views

CVE-2021-4406

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

7.2CVSS5.8AI score0.00964EPSS
Exploits0References5
CVE
CVE
added 2023/07/10 6:29 a.m.50 views

CVE-2021-4406

CVE-2021-4406 affects OSNEXUS QuantaStor. Reports in multiple connected documents (including CVE lists and vendor CSAs) describe an authenticated attacker who can create alerts in the alerts management dialog that trigger a stored XSS, with the test alert running a command as root via a webhook/U...

9.1CVSS6.6AI score0.00964EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/10 6:29 a.m.16 views

CVE-2021-4406 Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

9.1CVSS6.6AI score0.00964EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/10 6:29 a.m.30 views

CVE-2021-4406 Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC go to the alert manager open the ITSM tab add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' whitespaces are tab characters click add click apply create a test alert The tes...

9.1CVSS9.6AI score0.00964EPSS
Exploits0References3
Rows per page
Query Builder