Unrated severityNVD Advisory· Published Jun 15, 2010· Updated Apr 29, 2026
CVE-2010-2290
CVE-2010-2290
Description
Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Affected products
4cpe:2.3:a:mcafee:unified_threat_management_firewall_firmware:3.0.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:mcafee:unified_threat_management_firewall_firmware:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:unified_threat_management_firewall_firmware:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:unified_threat_management_firewall_firmware:4.0.6:*:*:*:*:*:*:*
- (no CPE)range: >=3.0.0 <=4.0.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- kc.mcafee.com/corporate/indexnvdPatchVendor Advisory
- ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/nvdExploit
- www.securitytracker.com/idnvdExploit
- secunia.com/advisories/40089nvdVendor Advisory
- secunia.com/advisories/40138nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1413nvdVendor Advisory
- www.securityfocus.com/archive/1/511771/100/0/threadednvd
News mentions
0No linked articles in our index yet.