CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 2CVE-2010-2290
https://notcve.org/view.php?id=CVE-2010-2290
Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el firmware cgi-bin/cgix/help en McAfee Unified Threat Management (UTM) Firewall (formalmente SnapGear) v3.0.0 hasta v4.0.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro page. • http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting http://secunia.com/advisories/40089 http://secunia.com/advisories/40138 http://www.securityfocus.com/archive/1/511771/100/0/threaded http://www.securitytracker.com/id?1024091 http://www.vupen.com/english/advisories/2010/1413 https://kc.mcafee.com/corporate/index?page=content&id=SB10010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •