XSS Vulnerability in F5 FirePass SSL VPN Product
CVE-2008-2030

Currently unrated

Key Information:

Vendor: F5
Status: Firepass Ssl Vpn; Firepass 4100
Vendor: CVE Published:; 30 April 2008

Summary

A cross-site scripting vulnerability exists in the installControl.php3 file of F5 FirePass 4100 SSL VPN, impacting versions 5.4.2 to 6.2. This flaw enables remote attackers to inject arbitrary web scripts or HTML into the application via the query string. If exploited, this vulnerability could allow attackers to manipulate user data or potentially escalate their privileges within a compromised session.

References

http://downloads.securityfocus.com/vulnerabilities/exploi...

x_refsource_MISC

http://www.securityfocus.com/bid/28902

vdb-entryx_refsource_BID

http://secunia.com/advisories/29931

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 30, 2008
Vulnerability Reserved
Apr 30, 2008