| Vulnerability Name: | CVE-2006-2925 (CCN-26978) | ||||||||
| Assigned: | 2006-05-30 | ||||||||
| Published: | 2006-05-30 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality. | ||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2925 Source: CCN Type: SA20479 Ingate Firewall and SIParator Two Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 20479 Source: CCN Type: SECTRACK ID: 1016244 Ingate Firewall Bugs Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks Source: SECTRACK Type: UNKNOWN 1016244 Source: CCN Type: SECTRACK ID: 1016245 Ingate SIParator Bugs Let Remote Users Deny Service and Conduct Cross-Site Scripting Attacks Source: SECTRACK Type: UNKNOWN 1016245 Source: CCN Type: Ingate Web site Release notice for Ingate Firewall® 4.4.1 and Ingate SIParator® 4.4.1 Source: CONFIRM Type: Patch http://www.ingate.com/relnote-441.php Source: CCN Type: OSVDB ID: 26213 Ingate Multiple Products GUI Unspecified XSS Source: VUPEN Type: UNKNOWN ADV-2006-2183 Source: XF Type: UNKNOWN ingate-gui-xss(26978) Source: XF Type: UNKNOWN ingate-gui-xss(26978) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||