Cross-Site Scripting Vulnerability in F5 Networks FirePass 1000 SSL VPN
CVE-2006-5416

Currently unrated

Key Information:

Vendor: F5
Status: Firepass 1000
Vendor: CVE Published:; 20 October 2006

Summary

The vulnerability exists in the my.acctab.php3 file of F5 Networks' FirePass 1000 SSL VPN 5.5 and possibly earlier versions, where remote attackers can exploit the sid parameter. By injecting arbitrary web script or HTML, attackers can manipulate the web browser behavior of unsuspecting users, potentially compromising sensitive information or executing unauthorized actions. This XSS flaw underscores the importance of robust input validation and sanitization in web applications to fortify against such attacks.

References

http://www.procheckup.com/Vulner_PR0603b.php

x_refsource_MISC

http://www.securityfocus.com/archive/1/448935/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2006/4083

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Oct 20, 2006
Vulnerability Reserved
Oct 19, 2006