{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2021-4406",
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"state": "PUBLISHED",
"assignerShortName": "DIVD",
"dateReserved": "2023-07-05T15:24:56.556Z",
"datePublished": "2023-07-10T06:29:48.698Z",
"dateUpdated": "2025-09-24T15:46:35.837Z"
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThanOrEqual": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Célistine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker is able to create alerts that trigger a stored XSS attack.
POC
go to the alert manager
add a webhook with the URL/service token value
'\t-h\t&&\tid\t|\ttee\t/tmp/ttttttddddssss\t#'(whitespaces are tab characters)
click add
click apply
create a test alert
The test alert will run the command
“id\t|\ttee\t/tmp/ttttttddddssss”as root.
after the test alert inspect
/tmp/ttttttddddssss it'll contain the ids of the root user.