CVE-2009-1593

Armorlogic Profense Web Application Firewall < 2.2.21 - XSS

Title source: rule

Description

Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.

Exploits (1)

exploitdb WRITEUP VERIFIED

by EnableSecurity · textwebappsphp

https://www.exploit-db.com/exploits/33002

View Code ZIP pw:eip

References (5)

[Various Sources] http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt

[Various Sources] http://www.webappsec.org/lists/websecurity/archive/2009-05/msg00040.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/50663

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/503649/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35053

Scores

EPSS 0.0023

EPSS Percentile 45.1%

Classification

CWE

CWE-79

Status published

Affected Products (3)

armorlogic/profense_web_application_firewall < 2.2.21

armorlogic/profense_web_application_firewall

n/a/n/a

Timeline

Published May 21, 2009

Tracked Since Feb 18, 2026