CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-35416
https://notcve.org/view.php?id=CVE-2022-35416
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. H3C SSL VPN versiones hasta 10-07-2022, permite una vulnerabilidad de tipo XSS en la cookie del archivo wnm/login/login.json svpnlang • https://github.com/safe3s/CVE-2022-35416 https://github.com/Docker-droid/H3C_SSL_VPN_XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 3CVE-2005-4197 – Nortel SSL VPN 4.2.1.6 - Web Interface Input Validation
https://notcve.org/view.php?id=CVE-2005-4197
tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. • https://www.exploit-db.com/exploits/26771 http://secunia.com/advisories/17974 http://securitytracker.com/id?1015341 http://www.sec-consult.com/247.html http://www.securityfocus.com/archive/1/419263/100/0/threaded http://www.securityfocus.com/bid/15798 http://www.vupen.com/english/advisories/2005/2845 •