CVE-2021-37216
MEDIUM NUCLEI
QSAN Storage Manager - Unauthenticated Reflected Cross-Site Scripting via Header Page Parameters
Title source: llm
Exploitation Summary
CVE-2021-37216 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.
Nuclei Templates (1)
QSAN Storage Manager <3.3.3 - Cross-Site Scripting
MEDIUM by dwisiswant0
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4962-44cd2-1.html
Scores
CVSS v3
6.1
EPSS
0.0319
EPSS Percentile
86.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
qsan/xn8008t_firmware
3.3.2
qsan/xn8024r_firmware
3.1.5
Published
Aug 02, 2021
Tracked Since
Feb 18, 2026