Vulnerabilities > CVE-2007-2970 - Cross-Site Scripting vulnerability in 8e6 R3000 Internet Filter
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
8e6-technologies
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 1 |
Statements
contributor | Mark Parker |
lastmodified | 2007-07-06 |
organization | 8e6 Technologies |
statement | I am pleased to inform you that we have released an update (version 2.0.05) which addresses this issue. All 8e6 customers with a current license will automatically download this update, and can install it once the download is complete. This update was placed on our update servers on Thu Jul 5 16:32:57 PDT 2007. Further information can be found at: http://www.8e6.com/products/R3000/patches/r3000_patches.htm |