exploitDog

CVE-2021-45092

Опубликовано: 16 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.

Ссылки

http://packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.html
Third Party Advisory
VDB Entry
https://github.com/cybelesoft/virtualui/issues/2
Issue Tracking
Third Party Advisory
http://packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.html
Third Party Advisory
VDB Entry
https://github.com/cybelesoft/virtualui/issues/2
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cybelesoft:thinfinity_virtualui:*:*:*:*:*:*:*:*

Версия до 3.0 (исключая)

EPSS

Процентиль: 99%

0.78911

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fc56-476w-j7fm

CVSS3: 9.8

github

около 4 лет назад

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.

EPSS

Процентиль: 99%

0.78911

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other