CVE-2007-5979

F5 Firepass 4100 SSL VPN <6.0.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jan Fry · textremotehardware

https://www.exploit-db.com/exploits/30755

View Code ZIP pw:eip

References (10)

[Vendor Advisory] http://secunia.com/advisories/27647

[Various Sources] http://www.procheckup.com/Vulnerability_PR07-13.php

[Patch] http://www.securitytracker.com/id?1018937

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38439

[Vendor Advisory] https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/483601/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26412

[Third Party Advisory, VDB Entry] http://osvdb.org/38665

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3847

[Third Party Advisory] http://securityreason.com/securityalert/3364

Scores

EPSS 0.1490

EPSS Percentile 94.4%

Classification

CWE

CWE-79

Status draft

Affected Products (14)

f5/firepass_4100

Timeline

Published Nov 15, 2007

Tracked Since Feb 18, 2026