# Title: Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Reflected Cross Site Scripting (XSS)
# Date: 14.08.2021
# Credit: Gionathan "John" Reale
# Firmware Version: C0101B1-20141120-NG11VO
# CVE-2021-38702
#################################################################################################################################

DESCRIPTION: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.

POC: After connecting to the network via the NetGenie router a page is displayed suggesting a redirect, within the redirect parameter it is possible to execute reflected Cross Site Scripting, the component affected is "hxxp:/URL/tweb/ft.php?u="

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[FD] Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Cross Site Scripting (XSS)
Gionathan Reale via Fulldisclosure Mon, 16 Aug 2021 20:56:58 -0700
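
A defender-side check for the issue described in the advisory, as an added example that is not part of the original post or of any vendor code: it scans access or proxy logs for requests to `/tweb/ft.php` whose `u` value is anything other than a plain http(s) URL, decoding repeatedly so double-encoded values are still inspected. The combined log format, the function names, the rule that redirect targets must be absolute http(s) URLs, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

AFFECTED_PATH = "/tweb/ft.php"  # path named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # assumed combined log format
MARKUP_CHARS = set("<>\"'`")

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /tweb/ft.php?u=http%3A%2F%2Fexample.com%2F HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /tweb/ft.php?u=%253Cb%253Econstructed%253C%252Fb%253E HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_redirect_value(raw):
    """Return the reasons a u= value is not a plain absolute http(s) URL."""
    value = fully_decode(raw)
    reasons = []
    if MARKUP_CHARS & set(value):
        reasons.append("markup-characters")
    if any(ord(c) < 0x20 for c in value):
        reasons.append("control-characters")
    try:
        scheme = urlsplit(value).scheme.lower()
    except ValueError:  # malformed input such as an unclosed IPv6 bracket
        scheme = ""
    if scheme not in ("http", "https"):
        reasons.append("non-http-scheme")
    return reasons

def scan(lines):
    """Yield (line_number, reasons) for suspicious requests to the affected path."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        path, _, query = m.group(1).partition("?") if m else ("", "", "")
        if path != AFFECTED_PATH:
            continue
        for raw in parse_qs(query, keep_blank_values=True).get("u", []):
            reasons = check_redirect_value(raw)
            if reasons:
                yield n, reasons
```

The same `check_redirect_value` logic can serve as an allow-list in a filtering proxy placed in front of the device; any value it accepts should still be HTML-encoded before being written into a page.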
