CVE-2008-2637

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.

Reference

http://secunia.com/advisories/30550
http://securityreason.com/securityalert/3931
http://www.securityfocus.com/archive/1/493149/100/0/threaded
http://www.securityfocus.com/bid/29574
http://www.securitytracker.com/id?1020205
http://www.vupen.com/english/advisories/2008/1765/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42884

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-10-2018 - 20:42

Objavljeno

10-06-2008 - 00:32