Page 2 of 8 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter. Múltiples vulnerabilidades de XSS en las páginas de gestión de política de firewall en WatchGuard Fireware XTM anterior a 11.8.3 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro pol_name. • http://seclists.org/fulldisclosure/2014/Mar/154 http://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw http://www.kb.cert.org/vuls/id/807134 http://www.securityfocus.com/bid/66210 http://www.securitytracker.com/id/1029924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 12%CPEs: 12EXPL: 4

Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. Desbordamiento de buffer en WGagent de WatchGuard WSM y Fireware anterior a la versión 11.8 permite a atacantes remotos ejecutar código arbitrario a través de un valor largo de sessionid en una cookie. • https://www.exploit-db.com/exploits/29273 http://osvdb.org/98752 http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8 http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes http://www.exploit-db.com/exploits/29273 http://www.kb.cert.org/vuls/id/233990 http://www.securityfocus.com/bid/63227 https://funoverip.net/2013/10/watchguard-cve-2013-6021-stack-based-buffer-overflow-exploit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades corss-site scripting (XSS) en WebCenter de Watchguard WSM y Fireware anterior a 11.8, permite a atancates remotos, inyectar script web o HTML de forma arbitraria a traves de vectores no especificados. Watchguard Server Center version 11.7.4 suffers from multiple reflective cross site scripting vulnerabilities. • http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8 http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •