Cross site scripting

2008-06-1000:32:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.

CPENameOperatorVersion
firepass_ssl_vpneq6.0.2 hotfix-3

CPE	Name	Operator	Version
	firepass_ssl_vpn	eq	6.0.2 hotfix-3

References

secunia.com/advisories/30550

securityreason.com/securityalert/3931

www.securityfocus.com/archive/1/493149/100/0/threaded

www.securityfocus.com/bid/29574

www.securitytracker.com/id?1020205

www.vupen.com/english/advisories/2008/1765/references

exchange.xforce.ibmcloud.com/vulnerabilities/42884