Armorlogic Profense Web Application Firewall prior to 2.2.22, and 2.4.x prior to 2.4.4, does not properly implement the "negative model," which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
armorlogic profense web application firewall 2.4 |
||
armorlogic profense web application firewall |