Published: 10/06/2008 Updated: 11/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote malicious users to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
f5 firepass ssl vpn 6.0.2

source: wwwsecurityfocuscom/bid/29574/info F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input Exploiting these issues may allow a remote attacker to execute arbitrary actions in the context of the affected application FirePass 602 hotfix ...

source: wwwsecurityfocuscom/bid/29574/info F5 FirePass SSL VPN is prone to multiple cross-site request-forgery vulnerabilities because it fails to adequately sanitize user-supplied input Exploiting these issues may allow a remote attacker to execute arbitrary actions in the context of the affected application FirePass 602 hotfix 3 i ...

CWE-79 http://www.securityfocus.com/bid/29574 http://www.securitytracker.com/id?1020205 http://secunia.com/advisories/30550 http://securityreason.com/securityalert/3931 http://www.vupen.com/english/advisories/2008/1765/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42884 http://www.securityfocus.com/archive/1/493149/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31886/

CVE-2008-2637

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect