Cross site scripting

2010-06-1514:04:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.2%

JSON

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CPENameOperatorVersion
unified_threat_management_firewall_firmwareeq3.0.0
unified_threat_management_firewall_firmwareeq3.1.5
unified_threat_management_firewall_firmwareeq4.0.6

Name	Operator	Version
unified_threat_management_firewall_firmware	eq	3.0.0
unified_threat_management_firewall_firmware	eq	3.1.5
unified_threat_management_firewall_firmware	eq	4.0.6

References

ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

secunia.com/advisories/40089

secunia.com/advisories/40138

www.securityfocus.com/archive/1/511771/100/0/threaded

www.securitytracker.com/id?1024091

www.vupen.com/english/advisories/2010/1413

kc.mcafee.com/corporate/index?page=content&id=SB10010