CVE-2012-4923
Endian Firewall 2.4 - Cross-Site Scripting via dnat.cgi createrule Parameter
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2012-4923. PoCs published by Vulnerability Research Laboratory.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Endian Firewall, where insufficient sanitization of user-supplied data allows arbitrary script execution. The example URL demonstrates a potential attack vector.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
Exploits (3)
The provided text describes a cross-site scripting (XSS) vulnerability in Endian Firewall, where insufficient sanitization of user-supplied data allows arbitrary script execution. The example URL demonstrates a potential attack vector.
The provided text describes a cross-site scripting (XSS) vulnerability in Endian Firewall, where insufficient sanitization of user-supplied data allows arbitrary script execution. The example URL demonstrates a potential attack vector.
The provided text describes a cross-site scripting (XSS) vulnerability in Endian Firewall, where insufficient sanitization of user-supplied data allows arbitrary script execution. The example URL demonstrates a potential attack vector.