Overview :
A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.
Affected Product(s) :
  • Freebox OS Web interface 3.0.2
Vulnerability Details :
CVE ID : CVE-2014-9405
Freebox allows users to create VPN connections to their home network.

Solution :

Update to Freebox OS Web interface 3.0.3