Lucene search
+L

6 matches found

Nuclei
Nuclei
added yesterday81 views

Thinfinity Iframe Injection

A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter. id: CVE-2021-45092 info: name: Thinfinity Iframe Injection author: danielmofer severity: critical description: A vulnerability exist...

9.8CVSS6.7AI score0.39973EPSS
Exploits7References5
Packet Storm
Packet Storm
added 2022/02/21 12:0 a.m.260 views

Thinfinity VirtualUI 2.5.41.0 IFRAME Injection

Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...

9.8CVSS0.2AI score0.39973EPSS
Exploits3
0day.today
0day.today
added 2022/02/21 12:0 a.m.294 views

Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Vulnerability

Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site to be iframed...

9.8CVSS0.3AI score0.39973EPSS
Exploits3
Exploit DB
Exploit DB
added 2022/02/21 12:0 a.m.283 views

Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection

Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...

9.8CVSS9.7AI score0.39973EPSS
Exploits3
Circl
Circl
added 2021/12/16 7:37 a.m.37 views

CVE-2021-45092

creationtimestamp| type| source ---|---|--- 2021-12-16 07:37:14+00:00| seen| https://t.me/cibsecurity/34129 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-45092.yaml 2024-11-08 00:00:00+00:00| seen| The Shadowserver...

9.8CVSS7AI score0.39973EPSS
In wildExploits3References5
CVE
CVE
added 2021/12/16 3:7 a.m.86 views

CVE-2021-45092

CVE-2021-45092 affects Thinfinity VirtualUI prior to 3.0. Affected component: the /lab.html endpoint (reachable by default), where the vpath parameter can be used to inject an IFRAME. Under the described conditions, exploitation could lead to iframeing external sites, with potential impact depend...

9.8CVSS9.5AI score0.39973EPSS
In wildExploits3References2Affected Software1
Rows per page
Query Builder