CVE-2010-0703

PortWise SSL VPN 4.6 - Cross-Site Scripting via wa/auth reloadFrame Parameter

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by George Christopoulos · textremotemultiple

https://www.exploit-db.com/exploits/33653

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38308

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38627

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/509584/100/0/threaded

Exploit x_refsource_misc

http://packetstormsecurity.org/1002-exploits/PR09-04.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/56420

Exploit x_refsource_misc

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-04

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/62482

Scores

EPSS 0.0577

EPSS Percentile 90.6%

Details

CWE

CWE-79

Status published

Products (1)

portwise/ssl_vpn 4.6

Published Feb 23, 2010

Tracked Since Feb 18, 2026