4.3
CVE-2009-2119
- EPSS 1.57%
- Veröffentlicht 18.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5 ≫ Firepass Ssl Vpn Version5.5
F5 ≫ Firepass Ssl Vpn Version5.5.1
F5 ≫ Firepass Ssl Vpn Version5.5.2
F5 ≫ Firepass Ssl Vpn Version6.0
F5 ≫ Firepass Ssl Vpn Version6.0.1
F5 ≫ Firepass Ssl Vpn Version6.0.2
F5 ≫ Firepass Ssl Vpn Version6.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.57% | 0.721 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://osvdb.org/55040
http://secunia.com/advisories/35418
http://secunia.com/advisories/35426
http://www.securityfocus.com/archive/1/504232/100/0/threaded
http://www.securityfocus.com/bid/35312
http://www.securitytracker.com/id?1022387
http://www.vupen.com/english/advisories/2009/1570
https://exchange.xforce.ibmcloud.com/vulnerabilities/51064
https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106
https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf