{"vuid":"VU#807134","idnumber":"807134","name":"WatchGuard Fireware XTM devices contain a cross-site scripting vulnerability","keywords":["xtm","watchguard","xss","fireware","cross-site scripting"],"overview":"WatchGuard Fireware XTM 11.8.1, and possibly earlier versions, contains a cross-site scripting vulnerability.","clean_desc":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') WatchGuard Fireware XTM 11.8.1 contains a cross-site scripting vulnerability in the \"poll_name\" parameter of the \"firewall/policy\" page. Additional details may be found in the WatchGuard advisory.","impact":"A remote attacker that is able to trick a user in to visiting a specially crafted URL may be able to conduct a cross-site scripting attack. This attack may result in information leakage, privilege escalation, and/or denial of service.","resolution":"Apply an Update WatchGuard Fireware XTM 11.8.3 addresses this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to William Costa for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw/","http://watchguardsecuritycenter.com/2014/03/13/new-release-fireware-xtm-11-8-3-and-wsm-11-8-3/"],"cveids":["CVE-2014-0338"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-01-10T15:19:14Z","publicdate":"2014-03-13T00:00:00Z","datefirstpublished":"2014-03-13T19:31:13Z","dateupdated":"2014-03-13T19:31:15Z","revision":13,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"1","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.3","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","cvss_temporalscore":"3.4","cvss_environmentalscore":"0.84096704034","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}