Cross-Site Scripting Vulnerability in F5 FirePass SSL VPN
CVE-2009-2119

Currently unrated

Key Information:

Vendor: F5
CVE Published: 18 June 2009

Summary

The F5 FirePass SSL VPN is vulnerable to a cross-site scripting (XSS) attack via the login interface (my.logon.php3). This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through a base64-encoded xcho parameter, potentially leading to unauthorized access and exploitation of user sessions. This highlights the importance of rigorous input validation and proper sanitization methods in web applications.
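A log-review check for the pattern described above, as an added example that is not part of the advisory or any F5 code: it decodes the base64 xcho value on requests to my.logon.php3 before looking for markup, since a filter that inspects only the encoded string sees nothing suspicious. The function names, the markup heuristic and the sample URLs are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic for HTML/script content in the decoded value (assumed, not a vendor signature).
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|\bon\w+\s*=|javascript:", re.I)

def decode_xcho(value):
    """Return the decoded text of an xcho value, or None if it is not valid base64."""
    # A raw '+' in a query string is parsed as a space; restore it before decoding.
    value = value.replace(" ", "+")
    padded = value + "=" * (-len(value) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")

def flag_request(url):
    """Return the decoded xcho text if it carries markup on the logon page, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/my.logon.php3"):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("xcho", []):
        decoded = decode_xcho(value)
        if decoded is not None and MARKUP.search(decoded):
            return decoded
    return None

def scan(urls):
    """Return (url, decoded_value) pairs for every flagged request."""
    hits = []
    for url in urls:
        decoded = flag_request(url)
        if decoded is not None:
            hits.append((url, decoded))
    return hits

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample request URLs (not taken from real logs).
SAMPLE_URLS = [
    "/my.logon.php3?xcho=" + _b64("Please log in again"),  # plain text
    "/my.logon.php3?xcho=" + _b64("<b>x</b>"),             # markup, raw '+' in value
    "/my.logon.php3?xcho=%%%",                             # not base64
    "/other.php?xcho=" + _b64("<b>x</b>"),                 # different page
]

if __name__ == "__main__":
    for url, decoded in scan(SAMPLE_URLS):
        print("flagged:", url, "->", decoded)
```
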

Timeline

  • Vulnerability published

  • Vulnerability Reserved