CVE-2008-2637: XSS
First published: Tue Jun 10 2008(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 FirePass SSL VPN | =6.0.2-hotfix_3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/29574
- http://www.securitytracker.com/id?1020205
- http://secunia.com/advisories/30550
- http://securityreason.com/securityalert/3931
- http://www.vupen.com/english/advisories/2008/1765/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42884
- http://www.securityfocus.com/archive/1/493149/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/f5
- canonical/f5 firepass ssl vpn
- version/f5 firepass ssl vpn/6.0.2-hotfix_3