2 matches found
CVE-2008-0494
The CVE-2008-0494 entry describes a Cross-site scripting (XSS) vulnerability in Endian Firewall 2.1.2, specifically in vpnum/userslist.php where the psearch parameter can be manipulated to inject arbitrary web script/HTML. The connected documents corroborate the affected product and parameter but...
CVE-2012-4923
CVE-2012-4923 involves multiple cross-site scripting (XSS) flaws in the Endian Firewall 2.4 web interface. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the createrule parameter to dnat.cgi, (2) the addrule parameter to dansguardian.cgi, or (3) PATH_INF...