QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
Published: 2021-08-02
Description
QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
AI Intelligence Brief
AI Intelligence
Analyzing vulnerability vectors…
🛡️CVE Intelligence Platform
Welcome to THREATQUARTERS
Your command center for real-time vulnerability intelligence — built for security professionals who need answers fast.
Search 200,000+ CVEs by ID, keyword, or technology
Instant CVSS scores, severity ratings and exploit / PoC links