NetScreen-25 HTML Injection Log File Display Vulnerability

NetScreen produces an event log HTML page which can be configured to itemize failed login attempts. This page is accessible through a web interface.

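NetScreen fails to filter HTML tags from the authentication fields of the web user interface, so markup submitted in a failed login attempt is written to the event log and rendered when the log page is viewed. As a result, the log files will appear as though they have been deleted.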

This issue has been reported to exist in NetScreen-25 with ScreenOS 3.0.3r1.1; other versions may also be affected.
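The class of flaw described above, shown as an added example that is not NetScreen or ScreenOS code: a failed-login log page that copies the user name into HTML as-is, next to a version that encodes every field on output, plus a check that flags stored entries carrying markup. The function names, the row layout and the sample entries are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample entries (not real device logs): time, source, attempted user name.
SAMPLE_EVENTS = [
    ("2002-01-01 10:00:01", "192.0.2.10", "admin"),
    ("2002-01-01 10:00:05", "192.0.2.11", "<b>guest</b>"),
    ("2002-01-01 10:00:09", "192.0.2.12", "o'brien & co"),
]

# Angle brackets or a character reference in a user name are worth a second look.
MARKUP = re.compile(r"[<>]|&#?\w+;")


def render_row_unsafe(ts, src, user):
    """The flaw: the user name reaches the page unfiltered and is parsed as HTML."""
    return f"<tr><td>{ts}</td><td>{src}</td><td>Login failed for {user}</td></tr>"


def render_row_safe(ts, src, user):
    """Encode every untrusted field at output time so it displays as literal text."""
    cells = (ts, src, f"Login failed for {user}")
    return "<tr>" + "".join(f"<td>{html.escape(c, quote=True)}</td>" for c in cells) + "</tr>"


def render_log(events, row=render_row_safe):
    """Build the event log table using the given row renderer."""
    return "<table>\n" + "\n".join(row(*e) for e in events) + "\n</table>"


def suspicious_entries(events):
    """Return stored entries whose user name contains markup, for operator review."""
    return [e for e in events if MARKUP.search(e[2])]


if __name__ == "__main__":
    print(render_log(SAMPLE_EVENTS, render_row_unsafe))
    print(render_log(SAMPLE_EVENTS))
    print(suspicious_entries(SAMPLE_EVENTS))
```

Encoding at output time keeps the original user name intact in storage, so the flagged entries remain available as evidence of what was submitted.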


 

Copyright 2010, SecurityFocus