CVE-2022-30777
published 2022-05-16

CVE-2022-30777: Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.

Priority: P2 78 (medium)
CVSS 3.1: 6.1 (medium), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW / Exploit: VulnCheck KEV (exploited in the wild)
EPSS: 2.10% (79.4th percentile)

Affected

1 range

Vendor    | Product  | Version range | Fixed in
parallels | h-sphere |               |

Detection & IOCs (extracted from sources)

url:  /index_en.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
url:  /index.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
path: /index_en.php
  • Probe GET requests to /index_en.php and /index.php with the 'from' parameter set to %22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E; a vulnerable response will reflect the unencoded payload string in the HTML body with HTTP 200 and Content-Type: text/html.
  • Use Shodan/FOFA/Google dorks to identify exposed H-Sphere instances as targets: Shodan title:"h-sphere", FOFA title="parallels h-sphere", Google intitle:"h-sphere".
  • The XSS payload is reflected unescaped in the response body; detection should look for the literal string ">alert(document.domain) in HTTP responses to requests targeting the 'from' query parameter.
  • The Nuclei template uses stop-at-first-match, meaning /index.php is only probed if /index_en.php does not return a match; scanners should account for both paths independently.
  • The template targets CPE cpe:2.3:a:parallels:h-sphere:3.6.2 but the CVE description references version 3.6.1713; verify the exact version string when scoping detections.

CVSS provenance

NVD (v3.1):   6.1 MEDIUM  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD (v2.0):   4.3 MEDIUM  AV:N/AC:M/Au:N/C:N/I:P/A:N
VulnCheck:    6.1 MEDIUM