CVE-2009-2119

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:f5:firepass_ssl_vpn:5.5:*:*:*:*:*:*:*
cpe:2.3:h:f5:firepass_ssl_vpn:5.5.1:*:*:*:*:*:*:*
cpe:2.3:h:f5:firepass_ssl_vpn:5.5.2:*:*:*:*:*:*:*
cpe:2.3:h:f5:firepass_ssl_vpn:6.0:*:*:*:*:*:*:*
cpe:2.3:h:f5:firepass_ssl_vpn:6.0.1:*:*:*:*:*:*:*
cpe:2.3:h:f5:firepass_ssl_vpn:6.0.2:*:*:*:*:*:*:*
cpe:2.3:h:f5:firepass_ssl_vpn:6.0.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-06-18 21:30

Updated : 2024-02-28 11:21


NVD link : CVE-2009-2119

Mitre link : CVE-2009-2119

CVE.ORG link : CVE-2009-2119


JSON object : View

Products Affected

f5

  • firepass_ssl_vpn
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')