XSS Vulnerability in OSNEXUS QuantaStor Virtual Appliance

CVE-2017-9979

What is CVE-2017-9979?

A Cross-Site Scripting (XSS) vulnerability exists in OSNEXUS QuantaStor v4 virtual appliance prior to version 4.3.1. This issue arises when a non-existent REST call is invoked, resulting in an error that includes the invalid method used. The response generated is not sanitized, enabling an attacker to exploit this flaw by embedding arbitrary HTML or JavaScript code in a parameter. This could lead to unauthorized actions executed on behalf of users or data exposure, highlighting the importance of implementing secure coding practices and proper input validation.

References