Armorlogic: >> Profense Web Application Firewall >> 2.6.3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allows remote attackers to inject arbitrary web script or HTML via the proxy parameter in a deny_log manage action.
CVSS Score
4.3
EPSS Score
0.013
Published
2009-02-10
Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a proxy server, and (5) modify other settings via parameters in the query string.
CVSS Score
6.8
EPSS Score
0.001
Published
2009-02-10