Cross-Site Scripting Vulnerability in Netgear SSL312 VPN Concentrator
CVE-2007-5562

Currently unrated

Key Information:

Vendor: Netgear
Status: Ssl312
Vendor: CVE Published:; 18 October 2007

Summary

The Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 has a vulnerability in the login page that allows remote attackers to inject arbitrary web scripts or HTML. This can be achieved via manipulating the 'err' parameter on the error page. Successful exploitation could enable an attacker to execute malicious scripts in the context of a user's session, potentially leading to unauthorized access or data theft.

References

http://www.securityfocus.com/bid/26073

vdb-entryx_refsource_BID

http://securitytracker.com/id?1018817

vdb-entryx_refsource_SECTRACK

http://www.smash-the-stack.net/articles/Netgear_SSL312_XS...

x_refsource_MISC

Timeline

Vulnerability published
Oct 18, 2007
Vulnerability Reserved
Oct 18, 2007