Cross-site scripting (XSS) vulnerability in the login interface (my.logon.php3) in F5 FirePass SSL VPN 5.5 through 5.5.2 and 6.0 through 6.0.3 allows remote attackers to inject arbitrary web script or HTML via a base64-encoded xcho parameter.
https://www.fox-it.com/uploads/pdf/advisory_xss_f5_firepass.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51064
http://www.vupen.com/english/advisories/2009/1570
http://www.securitytracker.com/id?1022387
http://www.securityfocus.com/bid/35312
http://www.securityfocus.com/archive/1/504232/100/0/threaded
http://secunia.com/advisories/35426