Description
Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
Affected products
- F5 / firepass_41005.4 – 5.4
- F5 / firepass_41005.4.1 – 5.4.1
- F5 / firepass_41005.4.2 – 5.4.2
- F5 / firepass_41005.4.3 – 5.4.3
- F5 / firepass_41005.4.4 – 5.4.4
- F5 / firepass_41005.4.5 – 5.4.5
- F5 / firepass_41005.4.6 – 5.4.6
- F5 / firepass_41005.4.7 – 5.4.7
- F5 / firepass_41005.4.8 – 5.4.8
- F5 / firepass_41005.4.9 – 5.4.9
- F5 / firepass_41005.5.0 – 5.5.0
- F5 / firepass_41005.5.1 – 5.5.1
- F5 / firepass_41006.0 – 6.0
- F5 / firepass_41006.0.1 – 6.0.1
References
- MISChttp://www.securityfocus.com/archive/1/483601/100/0/threaded
- MISChttp://www.securitytracker.com/id?1018937
- MISChttp://securityreason.com/securityalert/3364
- MISChttp://osvdb.org/38665
- MISChttp://www.securityfocus.com/bid/26412
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/38439
- MISChttps://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html
- MISChttp://www.procheckup.com/Vulnerability_PR07-13.php
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/3847
- VENDOR_ADVISORYhttp://secunia.com/advisories/27647