CVE-2010-2290

Опубликовано: 15 июн. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Ссылки

http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/
Exploit
http://secunia.com/advisories/40089
Vendor Advisory
http://secunia.com/advisories/40138
Vendor Advisory
http://www.securityfocus.com/archive/1/511771/100/0/threaded
http://www.securitytracker.com/id?1024091
Exploit
http://www.vupen.com/english/advisories/2010/1413
Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10010
Patch
Vendor Advisory
http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/
Exploit
http://secunia.com/advisories/40089
Vendor Advisory
http://secunia.com/advisories/40138
Vendor Advisory
http://www.securityfocus.com/archive/1/511771/100/0/threaded
http://www.securitytracker.com/id?1024091
Exploit
http://www.vupen.com/english/advisories/2010/1413
Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10010
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mcafee:unified_threat_management_firewall_firmware:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:unified_threat_management_firewall_firmware:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:unified_threat_management_firewall_firmware:4.0.6:*:*:*:*:*:*:*

cpe:2.3:h:mcafee:unified_threat_management_firewall:*:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00666

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9qj6-548m-j6pf

github

больше 3 лет назад