Cross-Site Scripting Vulnerability in WatchGuard Fireware XTM
CVE-2014-0338

Currently unrated

Key Information:

Vendor: Watchguard
Status: Fireware
Vendor: CVE Published:; 16 March 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the firewall policy management pages of WatchGuard Fireware XTM versions before 11.8.3. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through the 'pol_name' parameter. Successful exploitation could lead to unauthorized access and manipulation of web content.

References

http://www.securitytracker.com/id/1029924

vdb-entryx_refsource_SECTRACK

http://www.kb.cert.org/vuls/id/807134

third-party-advisoryx_refsource_CERT-VN

http://watchguardsecuritycenter.com/2014/03/13/fireware-x...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 16, 2014
Vulnerability Reserved
Dec 5, 2013