CVE-2006-2925

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.

Published: Jun 9, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2925
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:H/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ingate / siparator	-	4.3.4.x
ingate / siparator	4.3.1	4.3.1.x
ingate / ingate_firewall	-	4.3.4.x
ingate / ingate_firewall	4.3.1	4.3.1.x

http://secunia.com/advisories/20479
http://securitytracker.com/id?1016244
http://securitytracker.com/id?1016245
http://www.ingate.com/relnote-441.php
http://www.vupen.com/english/advisories/2006/2183
https://exchange.xforce.ibmcloud.com/vulnerabilities/26978

Vulnerability Database

290,020

CVE-2006-2925