Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5979

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

13.2%

top 5.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

F5 Firepass 4100

Timeline

PublishedNov 15

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDf5/firepass_410014 versions+13

Patches

Patch: www.securitytracker.com ↗Patch: www.securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-j6xj-3fcj-qfv2: Cross-site scripting (XSS) vulnerability in download_plugin↗2022-05-01

▶

CVEList

CVE-2007-5979: Cross-site scripting (XSS) vulnerability in download_plugin↗2007-11-15

▶

💥Exploits & PoCs

Exploit-DB

F5 FirePass 4100 SSL VPN - 'Download_Plugin.php3' Cross-Site Scripting↗2007-11-12

▶