cvedb.io
CVE-2017-9979
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2017-08-28T19:29:01.497 · Last modified 2026-06-17T01:29:18.983

Summary

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.

Affected products

osnexus — quantastor

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.