Cross-Site Scripting Vulnerability in F5 FirePass SSL VPN
CVE-2009-2119

Currently unrated

Key Information:

Vendor: F5
Status: Firepass Ssl Vpn
Vendor: CVE Published:; 18 June 2009

Summary

The F5 FirePass SSL VPN is vulnerable to a cross-site scripting (XSS) attack via the login interface (my.logon.php3). This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through a base64-encoded xcho parameter, potentially leading to unauthorized access and exploitation of user sessions. This highlights the importance of rigorous input validation and proper sanitization methods in web applications.

References

http://secunia.com/advisories/35418

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/35426

third-party-advisoryx_refsource_SECUNIA

https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste...

x_refsource_MISC

Timeline

Vulnerability published
Jun 18, 2009
Vulnerability Reserved
Jun 18, 2009