This whitepaper demonstrates leveraging cross site scripting
and polyglot exploitation in an exploit called COOLHANDLUKE to
violate network segmentation / layer 2 VLAN policies while routing
and sending a file between isolated, air gapped networks without a
router. This issue affects HPE Procurve, Aruba Networks, Cisco,
Dell, and Netgear products.
Read more https://packetstormsecurity.com/files/167268/Layer7MattersAtLayer2-PoCForRelease.pdf