CVE-2017-9979 in QuantaStorinformazioni

Riassunto

di MITRE

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

26/06/2017

Divulgazione

28/08/2017

Moderazione

accettato

Voce

VDB-105832

CPE

pronto

CWE

CWE-79 (confermato)

Sfruttamento

Scaricare

CVSS

6.1 (NVD)

EPSS

0.02559

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-9979
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-9979
CVE Details	https://www.cvedetails.com/cve/CVE-2017-9979/

◂ Precedente Visione D'ensemble Il prossimo ▸

Want to know what is going to be exploited?

We predict KEV entries!