CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2009-2119
https://notcve.org/view.php?id=CVE-2009-2119
Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter. Vulnerabilidad de ejecución de secuencias de comandos cruzados(XSS) en el interface de autenticación de F5 FirePass SSL VPN v5.5 hasta v5.5.2 y 6.0 hasta v6.0.3 , permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un campo password manipulado. NOTA: algunos de estos detalles se han obtenido de terceros. • http://osvdb.org/55040 http://secunia.com/advisories/35418 http://secunia.com/advisories/35426 http://www.securityfocus.com/archive/1/504232/100/0/threaded http://www.securityfocus.com/bid/35312 http://www.securitytracker.com/id?1022387 http://www.vupen.com/english/advisories/2009/1570 https://exchange.xforce.ibmcloud.com/vulnerabilities/51064 https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106 https://w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2008-2030 – F5 Networks FirePass 4100 SSL VPN - 'installControl.php3' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2030
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en installControl.php3 de F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 y 6.0-6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la cadena query. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • https://www.exploit-db.com/exploits/31698 http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html http://secunia.com/advisories/29931 http://www.securityfocus.com/bid/28902 https://exchange.xforce.ibmcloud.com/vulnerabilities/42078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •