Vulnerability in N/a
CVE-2021-45092
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
EPSS: 0.818 (99.2th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- github.com/cybelesoft/virtualui/issues/2 (x_refsource_MISC)
- packetstormsecurity.com/files/166068/Thinfinity-VirtualUI-2.5.41.0-IFRAME-Injec… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-45092?
- CVE-2021-45092 is a vulnerability in N/a. Published 2021-12-16.
- Is CVE-2021-45092 known to be exploited?
- 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.