CVE-2010-2290

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
mcafeeunified_threat_management_firewall_firmware
3.0.0
mcafeeunified_threat_management_firewall_firmware
3.1.5
mcafeeunified_threat_management_firewall_firmware
4.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/
http://secunia.com/advisories/40089
http://secunia.com/advisories/40138
http://www.securityfocus.com/archive/1/511771/100/0/threaded
http://www.securitytracker.com/id?1024091
http://www.vupen.com/english/advisories/2010/1413
https://kc.mcafee.com/corporate/index?page=content&id=SB10010
http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/
http://secunia.com/advisories/40089
http://secunia.com/advisories/40138
http://www.securityfocus.com/archive/1/511771/100/0/threaded
http://www.securitytracker.com/id?1024091
http://www.vupen.com/english/advisories/2010/1413
https://kc.mcafee.com/corporate/index?page=content&id=SB10010