CVE-2009-1593
Armorlogic Profense Web Application Firewall < 2.2.21 - XSS
Title source: ruleDescription
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by EnableSecurity · textwebappsphp
https://www.exploit-db.com/exploits/33002
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35053
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503649/100/0/threaded
Various Sources mailing-list
x_refsource_mlist
http://www.webappsec.org/lists/websecurity/archive/2009-05/msg00040.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50663
Scores
EPSS
0.0023
EPSS Percentile
45.2%
Details
CWE
CWE-79
Status
published
Products (2)
armorlogic/profense_web_application_firewall
2.4
armorlogic/profense_web_application_firewall
< 2.2.21
Published
May 21, 2009
Tracked Since
Feb 18, 2026