Vulnerabilities > CVE-2006-2925 - Cross-Site Scripting vulnerability in Ingate Firewall

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

ingate

NVD

Published: 2006-06-09

Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.

Vulnerable Configurations

Part	Description	Count
Hardware	Ingate Ingate Ingate Firewall 4.3.1 Ingate Ingate Firewall * Ingate Siparator 4.3.1 Ingate Siparator *	4

References

http://secunia.com/advisories/20479
http://securitytracker.com/id?1016244
http://securitytracker.com/id?1016245
http://www.ingate.com/relnote-441.php
http://www.vupen.com/english/advisories/2006/2183
https://exchange.xforce.ibmcloud.com/vulnerabilities/26978