CVE-2022-35416

MEDIUM NUCLEI

H3C SSL VPN < 2022-07-10 - Cross-Site Scripting via wnm/login/login.json svpnlang Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-35416. PoCs published by safe3s. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2022-35416, a reflected XSS vulnerability in H3C SSL VPN. The exploit leverages the 'svpnlang' cookie parameter in the '/wnm/login/login.json' endpoint to inject malicious JavaScript payloads.

Description

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.

Exploits (1)

nomisec WORKING POC 6 stars

by safe3s · poc

https://github.com/safe3s/CVE-2022-35416

View Code ZIP pw:eip

This repository provides a functional proof-of-concept for CVE-2022-35416, a reflected XSS vulnerability in H3C SSL VPN. The exploit leverages the 'svpnlang' cookie parameter in the '/wnm/login/login.json' endpoint to inject malicious JavaScript payloads.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: H3C SSL VPN (versions through 2022-07-10)

No auth needed

Prerequisites: Access to the target's login endpoint · Ability to set cookies in HTTP requests

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

MEDIUMVERIFIEDby 0x240x23elu

Shodan: http.html_hash:510586239

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Docker-droid/H3C_SSL_VPN_XSS

Scores

CVSS v3 6.1

EPSS 0.0258

EPSS Percentile 83.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

h3c/ssl_vpn < 2022-07-10

Published Jul 11, 2022

Tracked Since Feb 18, 2026