CVE-2021-45092

CRITICAL EXPLOITED NUCLEI

Thinfinity VirtualUI <3.0 - Code Injection

Title source: llm

Description

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.

Exploits (1)

exploitdb WRITEUP
by Daniel Morales · textwebappsmultiple
https://www.exploit-db.com/exploits/50770

Nuclei Templates (1)

Thinfinity Iframe Injection
CRITICALby danielmofer
Shodan: http.title:"thinfinity virtualui"
FOFA: title="thinfinity virtualui"

References (2)

Scores

CVSS v3 9.8
EPSS 0.7891
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-01-22
Status published
Products (1)
cybelesoft/thinfinity_virtualui < 3.0
Published Dec 16, 2021
Tracked Since Feb 18, 2026