290 matches found
CVE-2025-4805 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Access Portal Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Fireware OS: from 12.0 through...
CVE-2025-4804 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotspot Configuration
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects...
CVE-2025-4804
CVE-2025-4804 affects WatchGuard Fireware OS on Firebox devices, with a Stored XSS via the spamBlocker module. Affected versions are 12.0 through 12.11.1; exploitation requires an authenticated administrator session on a locally managed Firebox. Root cause is improper neutralization of input duri...
CVE-2025-1239
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firewa...
CVE-2025-1071
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firewa...
CVE-2025-0178 WatchGuard Firebox Host Header Injection Vulnerability
Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious...
CVE-2025-1239 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Blocked Sites List
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firewa...
CVE-2025-1071 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firewa...
WatchGuard Fireware OS Security Vulnerability
WatchGuard Fireware OS is a software from WatchGuard USA that runs on a Firebox. A security vulnerability exists in WatchGuard Fireware OS. An attacker could exploit the vulnerability to upload or read files to arbitrary locations on WatchGuard Firebox and XTM devices using unprivileged credentia...
WatchGuard XTM Firebox 12.5.x Buffer Overflow
Title: WatchGuard XTM Firebox 12.5.x Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
Artica Proxy 4.40 Code Injection
Title: Artica Proxy appliance 4.40 Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
CVE-2024-6592 WatchGuard Firebox Single Sign-On Agent Protocol Authorization Bypass
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway aka Single Sign-On Agent on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass. This issue affects the Authentication Gateway: through...
WordPress FireBox plugin <= 2.1.15 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin FireBox versions <= 2.1.15...
WordPress FireBox Plugin <= 2.1.15 is vulnerable to Backdoor
Software: FireBox; Type: Plugin; Vulnerable versions: <= 2.1.15; Fixed in: 2.1.16; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: N/A; Patch priority: Low; CVSS severity: Low (5.3); PSID: 8a543ab1ba05; Credits: Sansec.io; Required privilege: Unauthenticated; Published: 3 July, 2024...
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS: Metasploit added capabilities for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the adcscerttemplates module which enables users to read and write certificate template...