3 results (0.018 seconds)

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter. Vulnerabilidad de ejecución de secuencias de comandos cruzados(XSS) en el interface de autenticación de F5 FirePass SSL VPN v5.5 hasta v5.5.2 y 6.0 hasta v6.0.3 , permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un campo password manipulado. NOTA: algunos de estos detalles se han obtenido de terceros. • http://osvdb.org/55040 http://secunia.com/advisories/35418 http://secunia.com/advisories/35426 http://www.securityfocus.com/archive/1/504232/100/0/threaded http://www.securityfocus.com/bid/35312 http://www.securitytracker.com/id?1022387 http://www.vupen.com/english/advisories/2009/1570 https://exchange.xforce.ibmcloud.com/vulnerabilities/51064 https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106 https://w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en F5 FirePass SSL VPN versiones 6.0.2 hotfix 3, y posiblemente versiones anteriores, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de comillas en (1) el parámetro css_exceptions en el archivo vdesk/admincon/webyfiers.php y (2) el parámetro sql_matchscope en el archivo vdesk/admincon/index.php. • https://www.exploit-db.com/exploits/31886 https://www.exploit-db.com/exploits/31885 http://secunia.com/advisories/30550 http://securityreason.com/securityalert/3931 http://www.securityfocus.com/archive/1/493149/100/0/threaded http://www.securityfocus.com/bid/29574 http://www.securitytracker.com/id?1020205 http://www.vupen.com/english/advisories/2008/1765/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3

Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en installControl.php3 de F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 y 6.0-6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la cadena query. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • https://www.exploit-db.com/exploits/31698 http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html http://secunia.com/advisories/29931 http://www.securityfocus.com/bid/28902 https://exchange.xforce.ibmcloud.com/vulnerabilities/42078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •