.. / CVE-2021-38702

Exploit for Cyberoam NetGenie Cross-Site Scripting (CVE-2021-38702)

Description:

Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the ‘u’ parameter of ft.php.

Nuclei Template

View the template here CVE-2021-38702.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-38702.yaml

References:

https://seclists.org/fulldisclosure/2021/Aug/20
https://github.com/ARPSyndicate/cvemon
http://packetstormsecurity.com/files/163859/Cyberoam-NetGenie-Cross-Site-Scripting.html
http://www.cyberoamworks.com/NetGenie-Home.asp
https://nvd.nist.gov/vuln/detail/CVE-2021-38702

.. / CVE-2021-38702 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Cyberoam NetGenie Cross-Site Scripting (CVE-2021-38702)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-38702