Search criteria
6 vulnerabilities found for firepass_ssl_vpn by f5
CVE-2009-2119 (GCVE-0-2009-2119)
Vulnerability from nvd – Published: 2009-06-18 21:00 – Updated: 2024-08-07 05:36
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35418"
},
{
"name": "35426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106"
},
{
"name": "55040",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf"
},
{
"name": "20090611 F5 FirePass Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded"
},
{
"name": "35312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35312"
},
{
"name": "firepasssslvpn-unspecified-xss(51064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064"
},
{
"name": "ADV-2009-1570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1570"
},
{
"name": "1022387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35418"
},
{
"name": "35426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106"
},
{
"name": "55040",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf"
},
{
"name": "20090611 F5 FirePass Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded"
},
{
"name": "35312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35312"
},
{
"name": "firepasssslvpn-unspecified-xss(51064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064"
},
{
"name": "ADV-2009-1570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1570"
},
{
"name": "1022387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35418"
},
{
"name": "35426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35426"
},
{
"name": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106",
"refsource": "MISC",
"url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106"
},
{
"name": "55040",
"refsource": "OSVDB",
"url": "http://osvdb.org/55040"
},
{
"name": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf",
"refsource": "MISC",
"url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf"
},
{
"name": "20090611 F5 FirePass Cross-Site Scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded"
},
{
"name": "35312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35312"
},
{
"name": "firepasssslvpn-unspecified-xss(51064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064"
},
{
"name": "ADV-2009-1570",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1570"
},
{
"name": "1022387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2119",
"datePublished": "2009-06-18T21:00:00",
"dateReserved": "2009-06-18T00:00:00",
"dateUpdated": "2024-08-07T05:36:20.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2637 (GCVE-0-2008-2637)
Vulnerability from nvd – Published: 2008-06-10 00:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:30.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020205"
},
{
"name": "ADV-2008-1765",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1765/references"
},
{
"name": "20080605 F5 FirePass Content Inspection Management XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded"
},
{
"name": "30550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30550"
},
{
"name": "3931",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3931"
},
{
"name": "29574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29574"
},
{
"name": "firepass-webyfiers-index-xss(42884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020205"
},
{
"name": "ADV-2008-1765",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1765/references"
},
{
"name": "20080605 F5 FirePass Content Inspection Management XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded"
},
{
"name": "30550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30550"
},
{
"name": "3931",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3931"
},
{
"name": "29574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29574"
},
{
"name": "firepass-webyfiers-index-xss(42884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020205",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020205"
},
{
"name": "ADV-2008-1765",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1765/references"
},
{
"name": "20080605 F5 FirePass Content Inspection Management XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded"
},
{
"name": "30550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30550"
},
{
"name": "3931",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3931"
},
{
"name": "29574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29574"
},
{
"name": "firepass-webyfiers-index-xss(42884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2637",
"datePublished": "2008-06-10T00:00:00",
"dateReserved": "2008-06-09T00:00:00",
"dateUpdated": "2024-08-07T09:05:30.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2030 (GCVE-0-2008-2030)
Vulnerability from nvd – Published: 2008-04-30 15:00 – Updated: 2024-08-07 08:49
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:56.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
},
{
"name": "28902",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28902"
},
{
"name": "29931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29931"
},
{
"name": "firepass-installcontrol-xss(42078)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
},
{
"name": "28902",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28902"
},
{
"name": "29931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29931"
},
{
"name": "firepass-installcontrol-xss(42078)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
},
{
"name": "28902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28902"
},
{
"name": "29931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29931"
},
{
"name": "firepass-installcontrol-xss(42078)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2030",
"datePublished": "2008-04-30T15:00:00",
"dateReserved": "2008-04-30T00:00:00",
"dateUpdated": "2024-08-07T08:49:56.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2119 (GCVE-0-2009-2119)
Vulnerability from cvelistv5 – Published: 2009-06-18 21:00 – Updated: 2024-08-07 05:36
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35418"
},
{
"name": "35426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106"
},
{
"name": "55040",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf"
},
{
"name": "20090611 F5 FirePass Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded"
},
{
"name": "35312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35312"
},
{
"name": "firepasssslvpn-unspecified-xss(51064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064"
},
{
"name": "ADV-2009-1570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1570"
},
{
"name": "1022387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35418"
},
{
"name": "35426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106"
},
{
"name": "55040",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf"
},
{
"name": "20090611 F5 FirePass Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded"
},
{
"name": "35312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35312"
},
{
"name": "firepasssslvpn-unspecified-xss(51064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064"
},
{
"name": "ADV-2009-1570",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1570"
},
{
"name": "1022387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35418"
},
{
"name": "35426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35426"
},
{
"name": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106",
"refsource": "MISC",
"url": "https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106"
},
{
"name": "55040",
"refsource": "OSVDB",
"url": "http://osvdb.org/55040"
},
{
"name": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf",
"refsource": "MISC",
"url": "https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf"
},
{
"name": "20090611 F5 FirePass Cross-Site Scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504232/100/0/threaded"
},
{
"name": "35312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35312"
},
{
"name": "firepasssslvpn-unspecified-xss(51064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51064"
},
{
"name": "ADV-2009-1570",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1570"
},
{
"name": "1022387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2119",
"datePublished": "2009-06-18T21:00:00",
"dateReserved": "2009-06-18T00:00:00",
"dateUpdated": "2024-08-07T05:36:20.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2637 (GCVE-0-2008-2637)
Vulnerability from cvelistv5 – Published: 2008-06-10 00:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:30.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020205"
},
{
"name": "ADV-2008-1765",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1765/references"
},
{
"name": "20080605 F5 FirePass Content Inspection Management XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded"
},
{
"name": "30550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30550"
},
{
"name": "3931",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3931"
},
{
"name": "29574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29574"
},
{
"name": "firepass-webyfiers-index-xss(42884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020205",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020205"
},
{
"name": "ADV-2008-1765",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1765/references"
},
{
"name": "20080605 F5 FirePass Content Inspection Management XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded"
},
{
"name": "30550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30550"
},
{
"name": "3931",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3931"
},
{
"name": "29574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29574"
},
{
"name": "firepass-webyfiers-index-xss(42884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020205",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020205"
},
{
"name": "ADV-2008-1765",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1765/references"
},
{
"name": "20080605 F5 FirePass Content Inspection Management XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493149/100/0/threaded"
},
{
"name": "30550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30550"
},
{
"name": "3931",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3931"
},
{
"name": "29574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29574"
},
{
"name": "firepass-webyfiers-index-xss(42884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2637",
"datePublished": "2008-06-10T00:00:00",
"dateReserved": "2008-06-09T00:00:00",
"dateUpdated": "2024-08-07T09:05:30.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2030 (GCVE-0-2008-2030)
Vulnerability from cvelistv5 – Published: 2008-04-30 15:00 – Updated: 2024-08-07 08:49
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:56.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
},
{
"name": "28902",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28902"
},
{
"name": "29931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29931"
},
{
"name": "firepass-installcontrol-xss(42078)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
},
{
"name": "28902",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28902"
},
{
"name": "29931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29931"
},
{
"name": "firepass-installcontrol-xss(42078)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28902.html"
},
{
"name": "28902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28902"
},
{
"name": "29931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29931"
},
{
"name": "firepass-installcontrol-xss(42078)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2030",
"datePublished": "2008-04-30T15:00:00",
"dateReserved": "2008-04-30T00:00:00",
"dateUpdated": "2024-08-07T08:49:56.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}