CVE-2009-2119

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
f5firepass_ssl_vpn
5.5
f5firepass_ssl_vpn
5.5.1
f5firepass_ssl_vpn
5.5.2
f5firepass_ssl_vpn
6.0
f5firepass_ssl_vpn
6.0.1
f5firepass_ssl_vpn
6.0.2
f5firepass_ssl_vpn
6.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/55040
http://secunia.com/advisories/35418
http://secunia.com/advisories/35426
http://www.securityfocus.com/archive/1/504232/100/0/threaded
http://www.securityfocus.com/bid/35312
http://www.securitytracker.com/id?1022387
http://www.vupen.com/english/advisories/2009/1570
https://exchange.xforce.ibmcloud.com/vulnerabilities/51064
https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106
https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf
http://osvdb.org/55040
http://secunia.com/advisories/35418
http://secunia.com/advisories/35426
http://www.securityfocus.com/archive/1/504232/100/0/threaded
http://www.securityfocus.com/bid/35312
http://www.securitytracker.com/id?1022387
http://www.vupen.com/english/advisories/2009/1570
https://exchange.xforce.ibmcloud.com/vulnerabilities/51064
https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106
https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf