[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Cross Site Scripting (XSS)

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Cross Site Scripting (XSS)
From: Gionathan Reale via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Date: Sun, 15 Aug 2021 10:10:17 +0200 (CEST)


# Title: Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Reflected Cross Site 
Scripting (XSS)# Date: 14.08.2021 # Credit: Gionathan "John" Reale # Firmware 
Version: C0101B1-20141120-NG11VO# 
CVE-2021-38702##################################################################################################################################
 DESCRIPTION:
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow 
tweb/ft.php?u=[XSS] attacks.
POC:

After connecting to the network via the NetGenie router a page is displayed 
suggesting a redirect, within the redirect parameter it is possible to execute 
reflected Cross Site Scripting, the component affected is 
"hxxp:/URL/tweb/ft.php?u="




_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] New BlackArch Linux ISOs + OVA Image released!
Next by Date: [FD] SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series
Previous by thread: [FD] New BlackArch Linux ISOs + OVA Image released!
Next by thread: [FD] SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series
Index(es):
- Date
- Thread