Cross-Site Scripting Vulnerabilities in F5 FirePass SSL VPN
CVE-2008-2637
Currently unrated
Summary
F5 FirePass SSL VPN has multiple vulnerabilities that allow remote attackers to execute arbitrary scripts in users' browsers. These flaws exist due to improper validation of input parameters. Attackers can exploit this by injecting malicious scripts through the 'css_exceptions' parameter in the vdesk/admincon/webyfiers.php file and the 'sql_matchscope' parameter in the vdesk/admincon/index.php file. Successful exploitation could lead to user data theft or session hijacking.
References
EPSS Score
7% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved