{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T01:46:29.134","vulnerabilities":[{"cve":{"id":"CVE-2017-9979","sourceIdentifier":"cve@mitre.org","published":"2017-08-28T19:29:01.497","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS."},{"lang":"es","value":"En la aplicación virtual OSNEXUS QuantaStor v4 en versiones anteriores a la 4.3.1, si la llamada REST no existe, aparecerá un error que contiene el método inválido que se ha invocado anteriormente. En este caso, la respuesta que se envía al usuario no está sanitizada. Un atacante podría aprovecharse de este problema mediante la inclusión de código HTML o JavaScript arbitrario como parámetro. Esto también se conoce como XSS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"AEB26265-6FB9-48C5-BFBE-D9412D6E7FF7"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Aug/23","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","URL Repurposed"]},{"url":"https://www.exploit-db.com/exploits/42517/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Aug/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","URL Repurposed"]},{"url":"https://www.exploit-db.com/exploits/42517/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}}]}