CVE-2007-0186

Name of the Vulnerable Software and Affected Versions F5 FirePass SSL VPN (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters, including xcho, topblue, midblue, wtopblue, h321, h311, h312, ua, app param, app name, and vhost. This can be achieved through different actions to specific PHP files, such as my.logon.php3 and vdesk/admincon/index.php. Additionally, the issue can be exploited through double eval functions and JavaScript contained in an <FP DO NOT TOUCH> element.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.