CVE-2017-9767

Name of the Vulnerable Software and Affected Versions Quali CloudShell versions prior to 8

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via several parameters, including Name and Description to various API endpoints such as "/RM/Reservation/ReserveNew", "/RM/Topology/Update", "/SnQ/JobTemplate/Edit", and "/RM/AbstractTemplate/AddOrUpdateAbstractTemplate". The vulnerable parameters also include ExecutionBatches[0].Name, ExecutionBatches[0].Description, Labels, Alias.

Recommendations For Quali CloudShell versions prior to 8, update to version 8 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Avoid using the vulnerable parameters in the affected endpoints until the issue is resolved.