← back
CVE-2021-45092

CVE-2021-45092

EPSS 40.0%
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50770unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injection.htmlhttps://github.com/cybelesoft/virtualui/issues/2