Description
Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jan Fry · textremotehardware
https://www.exploit-db.com/exploits/30755
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483601/100/0/threaded
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018937
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3364
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38665
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26412
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38439
Vendor Advisory x_refsource_confirm
https://support.f5.com/kb/en-us/solutions/public/7000/400/sol7498.html
Various Sources x_refsource_misc
http://www.procheckup.com/Vulnerability_PR07-13.php
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3847
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27647
Scores
EPSS
0.1321
EPSS Percentile
94.2%
Details
CWE
CWE-79
Status
published
Products (14)
f5/firepass_4100
5.4
f5/firepass_4100
5.4.1
f5/firepass_4100
5.4.2
f5/firepass_4100
5.4.3
f5/firepass_4100
5.4.4
f5/firepass_4100
5.4.5
f5/firepass_4100
5.4.6
f5/firepass_4100
5.4.7
f5/firepass_4100
5.4.8
f5/firepass_4100
5.4.9
... and 4 more
Published
Nov 15, 2007
Tracked Since
Feb 18, 2026