CVE-2012-4923

Published: 15/09/2012 | Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.

Exploits

source: www.securityfocus.com/bid/52076/info Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other atta ...