.. / CVE-2022-35416

Exploit for H3C SSL VPN <=2022-07-10 - Cross-Site Scripting (CVE-2022-35416)

Description:

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.

Nuclei Template

View the template here CVE-2022-35416.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-35416.yaml
Copy

References:

https://github.com/bughunter0xff/recon-scanner
https://github.com/advisories/GHSA-9x76-78gc-r3m9
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/Docker-droid/H3C_SSL_VPN_XSS
https://nvd.nist.gov/vuln/detail/CVE-2022-35416