Published: 15/09/2012 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 445

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.

Vulnerable Product	Search on Vulmon	Subscribe to Product
endian firewall 2.4

source: wwwsecurityfocuscom/bid/52076/info Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials Other ...

source: wwwsecurityfocuscom/bid/52076/info Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials Other at ...

source: wwwsecurityfocuscom/bid/52076/info Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials Other atta ...

CWE-79 http://www.securityfocus.com/bid/52076 http://packetstormsecurity.org/files/109942/Endian-UTM-Firewall-2.4.x-Cross-Site-Scripting.html http://www.vulnerability-lab.com/get_content.php?id=436 https://exchange.xforce.ibmcloud.com/vulnerabilities/73330 https://nvd.nist.gov https://www.exploit-db.com/exploits/36833/

CVE-2012-4923

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect