CVE-2021-37216

MEDIUM NUCLEI

Qsan Xn8024r Firmware - XSS

Title source: rule

Description

QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.

Nuclei Templates (1)

QSAN Storage Manager <3.3.3 - Cross-Site Scripting
MEDIUMby dwisiswant0

References (1)

Scores

CVSS v3 6.1
EPSS 0.0404
EPSS Percentile 88.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
qsan/xn8008t_firmware 3.3.2
qsan/xn8024r_firmware 3.1.5
Published Aug 02, 2021
Tracked Since Feb 18, 2026