Cross-Site Scripting Vulnerabilities in F5 FirePass SSL VPN
CVE-2008-2637

Currently unrated

Key Information:

Vendor
F5
Vendor
CVE Published:
10 June 2008

Summary

F5 FirePass SSL VPN has multiple vulnerabilities that allow remote attackers to execute arbitrary scripts in users' browsers. These flaws exist due to improper validation of input parameters. Attackers can exploit this by injecting malicious scripts through the 'css_exceptions' parameter in the vdesk/admincon/webyfiers.php file and the 'sql_matchscope' parameter in the vdesk/admincon/index.php file. Successful exploitation could lead to user data theft or session hijacking.

References

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.