Medium severity5.4NVD Advisory· Published Aug 18, 2017· Updated May 13, 2026

CVE-2017-9767

Description

Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.

Affected products

Quali/Cloudshell
cpe:2.3:a:quali:cloudshell:*:*:*:*:*:*:*:*
Range: <=7.1.0.6508

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/143746/Quali-CloudShell-7.1.0.6508-Patch-6-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/42453/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/541023/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000