CVE-2008-2637

medium

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

13.1%

Exploitation probability in 30 days

Top 6% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

Availability

None

Published: June 10, 2008 (6547 days ago)

Last Modified: April 23, 2026

Vendor: F5

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.

CWE

CWE-79

Affected Products

f5 firepass ssl vpn

References

🔗 secunia.com 🔗 securityreason.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com

CVE-2008-2637

Vulnerability Report

Description

CWE

Affected Products

References