Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
CPE | Name | Operator | Version |
---|---|---|---|
firepass_ssl_vpn | eq | 5.5.1 | |
firepass_ssl_vpn | eq | 5.5.2 | |
firepass_ssl_vpn | eq | 6.0.1 | |
firepass_ssl_vpn | eq | 6.0.3 | |
firepass_ssl_vpn | eq | 6.0 | |
firepass_ssl_vpn | eq | 6.0.2 | |
firepass_ssl_vpn | eq | 5.5 |
osvdb.org/55040
secunia.com/advisories/35418
secunia.com/advisories/35426
www.securityfocus.com/archive/1/504232/100/0/threaded
www.securityfocus.com/bid/35312
www.securitytracker.com/id?1022387
www.vupen.com/english/advisories/2009/1570
exchange.xforce.ibmcloud.com/vulnerabilities/51064
www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106
www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf