Endian Firewall 2.4 - 'openvpn_users.cgi?PATH_INFO' Cross-Site Scripting
| EKU-ID: 41362 | CVE: CVE-2012-4923;OSVDB-85700 | OSVDB-ID: |
| Author: Vulnerability Research Laboratory | Published: 2012-02-27 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 41362 | CVE: CVE-2012-4923;OSVDB-85700 | OSVDB-ID: |
| Author: Vulnerability Research Laboratory | Published: 2012-02-27 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/52076/info Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. https://www.example.com/cgi-bin/openvpn_users.cgi?=[XSS]