Multiple XSS Vulnerabilities in F5 FirePass SSL VPN
CVE-2007-0186

Currently unrated

Key Information:

Vendor: F5
Status: Firepass 4100
Vendor: CVE Published:; 12 January 2007

What is CVE-2007-0186?

F5 FirePass SSL VPN is susceptible to multiple cross-site scripting vulnerabilities, which allow remote attackers to inject arbitrary web scripts or HTML. The vulnerabilities manifest through various parameters including 'xcho' in 'my.logon.php3', multiple custom color parameters in 'vdesk/admincon/index.php', and 'app_param' among others in 'webyfiers.php'. Exploiting these vulnerabilities could lead to unauthorized code execution in a user's browser, compromising the integrity of user interactions. It is advisable for users to apply the recommended patches and ensure their systems are up-to-date to mitigate potential risks.

References

http://www.mnin.org/advisories/2007_firepass.pdf

x_refsource_MISC

http://secunia.com/advisories/23627

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/32738

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2007
Vulnerability Reserved
Jan 10, 2007