CVE-2010-2290

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.1110%

EPSS Percentile37.22th

Published2010年6月15日

Last Modified2026年4月29日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Affected Platforms (CPE)

📦

Mcafee

Unified Threat Management Firewall Firmware

= 3.0.0

📦

Mcafee

Unified Threat Management Firewall Firmware

= 3.1.5

📦

Mcafee

Unified Threat Management Firewall Firmware

= 4.0.6

References & Advisories

🔗 http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

🔗 http://secunia.com/advisories/40089

🔗 http://secunia.com/advisories/40138

🔗 http://www.securityfocus.com/archive/1/511771/100/0/threaded

🔗 http://www.securitytracker.com/id?1024091

🔗 http://www.vupen.com/english/advisories/2010/1413

🔗 https://kc.mcafee.com/corporate/index?page=content&id=SB10010

🔗 http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

Vulnerability Description

Affected Platforms (CPE)

Unified Threat Management Firewall Firmware

Unified Threat Management Firewall Firmware

Unified Threat Management Firewall Firmware

References & Advisories

関連する脆弱性情報