CVE-2010-0703

PortWise SSL VPN 4.6 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by George Christopoulos · textremotemultiple

https://www.exploit-db.com/exploits/33653

View Code ZIP pw:eip

References (7)

[Exploit] http://packetstormsecurity.org/1002-exploits/PR09-04.txt

[Vendor Advisory] http://secunia.com/advisories/38627

[Exploit] http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-04

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/56420

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/509584/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/38308

[Third Party Advisory, VDB Entry] http://osvdb.org/62482

Scores

EPSS 0.0608

EPSS Percentile 90.6%

Classification

CWE

CWE-79

Status published

Affected Products (2)

portwise/ssl_vpn

n/a/n/a

Timeline

Published Feb 23, 2010

Tracked Since Feb 18, 2026