CVE-2010-2290

Mcafee Unified Threat Management Firewall Firmware - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

References (7)

[Exploit] http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

[Vendor Advisory] http://secunia.com/advisories/40089

[Vendor Advisory] http://secunia.com/advisories/40138

[Exploit] http://www.securitytracker.com/id?1024091

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/1413

[Patch, Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10010

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511771/100/0/threaded

Scores

EPSS 0.0067

EPSS Percentile 71.0%

Classification

CWE

CWE-79

Status published

Affected Products (4)

mcafee/unified_threat_management_firewall_firmware

n/a/n/a

Timeline

Published Jun 15, 2010

Tracked Since Feb 18, 2026