CVE-2007-6704

F5 FirePass 4100 SSL VPN <6.0.1 - XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Adrian Pastor · text · remote · hardware
https://www.exploit-db.com/exploits/30834
exploitdb WORKING POC VERIFIED
by Richard Brain · html · remote · hardware
https://www.exploit-db.com/exploits/30833

Scores

EPSS 0.0708
EPSS Percentile 91.4%

Classification

CWE
CWE-79
Status draft

Affected Products (14)

f5/firepass_4100

Timeline

Published Mar 05, 2008
Tracked Since Feb 18, 2026