Showing 1 - 1 of 1

CVE-2017-9979

Status Candidate

Overview

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.

Related Files

OSNEXUS QuantaStor 4 Information Disclosure: Posted Aug 14, 2017; Authored by Nahuel Sanchez | Site vvvsecurity.com; OSNEXUS QuantaStor version 4 suffers from multiple information disclosure vulnerabilities including user enumeration.; tags | exploit, vulnerability, info disclosure; advisories | CVE-2017-9978, CVE-2017-9979; SHA-256 | 0762c7d4aa2b0a1660c63fde56c7e91b852dcdf5a6a1019d3e8ed62845a1049f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 234 files
indoushka 93 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,099)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,756)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,521)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,747)
UNIX (9,436)
UnixWare (187)
Windows (6,674)
Other

CVE-2017-9979

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems