WatchGuard Support Center

Knowledge Base - Article

 XTM & Firebox Web UI Stored XSS Vulnerability

Tracking ID: FBX-5313
Status: Resolved
Article Number: 000015891
Severity: Medium
In Fireware v11.12.4 and earlier releases, the Web UI Traffic Monitor does not correctly sanitize the user field in log messages for failed authentication attempts. An attacker could exploit this vulnerability to inject arbitrary JavaScript into the Firebox log messages, which could impact users of the Web UI Traffic Monitor. David Fernández of Sidertia Solutions reported this vulnerability to WatchGuard.

No workaround exists at this time for Fireboxes. This issue does not occur with Fireware v12.0 or higher.

No workaround is necessary for:
  • WatchGuard AP
  • WatchGuard Dimension
  • WatchGuard XCS
  • WatchGuard SSL appliances

Fireware v12.0 escapes HTML special characters before they are displayed in Traffic Monitor.