CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1208 – Check Point VPN-1 UTM Edge NGX 7.0.48x - Login Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1208
08 Mar 2008 — Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de entrada de usuarios de Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámentro useCheck Point VPN-1 UTM r (usuario). • https://www.exploit-db.com/exploits/31340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3489
https://notcve.org/view.php?id=CVE-2007-3489
29 Jun 2007 — Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface. Vulnerabilidad de falsificación de petición en... • http://osvdb.org/37645 •