Cross-Site Scripting Vulnerability in F5 FirePass SSL VPN
CVE-2009-2119
Currently unrated
Summary
The F5 FirePass SSL VPN is vulnerable to a cross-site scripting (XSS) attack via the login interface (my.logon.php3). This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through a base64-encoded xcho parameter, potentially leading to unauthorized access and exploitation of user sessions. This highlights the importance of rigorous input validation and proper sanitization methods in web applications.
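The handling flaw described in the summary, shown beside a corrected form and a log check, as an added example that is not FirePass code: a value that arrives base64-encoded has to be decoded first and then HTML-escaped at output. It assumes the decoded xcho text is echoed into the login page; the function names and sample values are constructed for illustration.

```python
import base64
import binascii
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample values (not taken from the advisory).
MARKUP_B64 = base64.b64encode(b"<b>marker</b>").decode()    # contains '+'
BENIGN_B64 = base64.b64encode(b"Session expired").decode()


def decode_param(value_b64):
    """Strictly decode a base64 parameter to text; None if malformed."""
    try:
        return base64.b64decode(value_b64, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def render_unsafe(value_b64):
    # Flawed pattern: decoded text is placed into the page unescaped, so a
    # filter that only inspected the encoded value never saw the markup.
    return '<div class="msg">' + (decode_param(value_b64) or "") + "</div>"


def render_safe(value_b64):
    # Decode first, then escape for the HTML context at output time.
    text = decode_param(value_b64) or ""
    return '<div class="msg">' + html.escape(text, quote=True) + "</div>"


def flag_request(url, param="xcho"):
    """True if the parameter decodes to text containing markup characters."""
    for raw in parse_qs(urlsplit(url).query).get(param, []):
        # parse_qs turns a literal '+' into a space; restore it before decoding.
        text = decode_param(raw.replace(" ", "+"))
        if text is not None and any(c in text for c in "<>\"'"):
            return True
    return False


if __name__ == "__main__":
    for b64 in (MARKUP_B64, BENIGN_B64):
        url = "/my.logon.php3?xcho=" + b64
        print(flag_request(url), render_safe(b64))
```

The same decode-then-inspect step applies to proxy or web server logs: matching on the raw query string alone will not see markup carried inside the encoded parameter.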