Multiple Cross-Site Scripting Vulnerabilities in F5 FirePass SSL VPN
CVE-2007-6704
Currently unrated
Summary
F5 FirePass 4100 SSL VPN versions 5.4.1 through 5.5.2, as well as versions 6.0 through 6.0.1, are susceptible to multiple cross-site scripting (XSS) vulnerabilities. The flaws are exposed when pre-logon sequences are enabled and allow remote attackers to inject arbitrary HTML or web script via the query string to critical server-side scripts, specifically 'my.activation.php3' and 'my.logon.php3'. Exploitation of these vulnerabilities can lead to unauthorized access and data compromise.
EPSS Score
11% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved