CVE-2010-2290

McAfee Unified Threat Management Firewall Firmware 3.0.0-4.0.6 - Cross-Site Scripting via Help Page Parameter

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

References (7)

Core 7

Core References

Exploit x_refsource_misc

http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

Patch, Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10010

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1413

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40089

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40138

Exploit vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024091

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/511771/100/0/threaded

Scores

EPSS 0.0067

EPSS Percentile 71.5%

Details

CWE

CWE-79

Status published

Products (3)

mcafee/unified_threat_management_firewall_firmware 3.0.0

mcafee/unified_threat_management_firewall_firmware 3.1.5

mcafee/unified_threat_management_firewall_firmware 4.0.6

Published Jun 15, 2010

Tracked Since Feb 18, 2026