CVE-2009-2119

F5 FirePass SSL VPN 5.5-5.5.2 6.0-6.0.3 - Cross-Site Scripting via Base64-Encoded xcho Parameter

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.

References (10)

Core 10

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35418

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35426

Vendor Advisory x_refsource_misc

https://www.fox-it.com/nl/nieuws-en-events/nieuws/laatste-nieuws/nieuwsartikel/f5-firepass-cross-site-scripting-vulnerability/106

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/55040

Various Sources x_refsource_misc

https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/504232/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35312

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/51064

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1570

Patch vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022387

Scores

EPSS 0.0117

EPSS Percentile 78.9%

Details

CWE

CWE-79

Status published

Products (7)

f5/firepass_ssl_vpn 5.5

f5/firepass_ssl_vpn 5.5.1

f5/firepass_ssl_vpn 5.5.2

f5/firepass_ssl_vpn 6.0

f5/firepass_ssl_vpn 6.0.1

f5/firepass_ssl_vpn 6.0.2

f5/firepass_ssl_vpn 6.0.3

Published Jun 18, 2009

Tracked Since Feb 18, 2026