XSS in Osnexus Quantastor

CVE-2017-9979

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the invoked REST call does not exist, the error that is returned contains the name of the invalid method that was called. The response sent to the user is not sanitized in this case…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.024 (85.4th percentile).

CVSS v3 metrics

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Frequently asked questions

What is CVE-2017-9979?
CVE-2017-9979 is a medium-severity vulnerability in Osnexus Quantastor, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2017-08-28.
How severe is CVE-2017-9979?
Medium severity. CVSS v3 base score is 6.1 out of 10.