Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2637

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
4.3MEDIUM
EPSS
13.1%
top 5.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
F5 Firepass SSL VPN
Timeline
PublishedJun 10
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-fc3v-jjjq-68v3: Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 62022-05-01
CVEList
CVE-2008-2637: Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 62008-06-10

💥Exploits & PoCs

2
Exploit-DB
F5 FirePass 6.0.2.3 - '/vdesk/admincon/webyfiers.php?css_exceptions' Cross-Site Scripting2008-06-05
Exploit-DB
F5 FirePass 6.0.2.3 - '/vdesk/admincon/index.php?sql_matchscope' Cross-Site Scripting2008-06-05
CVE-2008-2637 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io