CVE-2009-2119

F5 FirePass SSL VPN <6.0.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.

References (10)

Scores

EPSS 0.0117
EPSS Percentile 78.5%

Classification

CWE
CWE-79
Status published

Affected Products (8)

f5/firepass_ssl_vpn
f5/firepass_ssl_vpn
f5/firepass_ssl_vpn
f5/firepass_ssl_vpn
f5/firepass_ssl_vpn
f5/firepass_ssl_vpn
f5/firepass_ssl_vpn
n/a/n/a

Timeline

Published Jun 18, 2009
Tracked Since Feb 18, 2026