Cross-Site Scripting Vulnerability in Check Point VPN-1 UTM Edge
CVE-2008-1208

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Vpn-1 Utm Edge W Embedded Ngx
Vendor: CVE Published:; 8 March 2008

What is CVE-2008-1208?

A cross-site scripting (XSS) vulnerability exists in the login page of the Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x. Attackers can exploit this flaw by injecting arbitrary web scripts or HTML through the 'user' parameter, potentially compromising the security of user sessions and allowing unauthorized actions. This vulnerability underscores the importance of web application security and the need for robust input validation mechanisms.

References

https://supportcenter.checkpoint.com/supportcenter/portal...

x_refsource_CONFIRM

http://www.louhi.fi/advisory/checkpoint_080306.txt

x_refsource_MISC

http://www.vupen.com/english/advisories/2008/0788

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2008
Vulnerability Reserved
Mar 7, 2008

Checkpoint

What is CVE-2008-1208?

References

Timeline