Multiple Cross-Site Scripting Vulnerabilities in Sophos Email Security Appliances
CVE-2008-0838

Currently unrated

Key Information:

Vendor: Sophos
Status: Es4000; Es1000
Vendor: CVE Published:; 20 February 2008

Summary

The Sophos Email Security Appliance contains multiple cross-site scripting vulnerabilities within its web administration interface. These flaws allow attackers to inject arbitrary web scripts or HTML into the login page through manipulated parameters. This may enable unauthorized access and compromise the integrity of user data and interactions with the appliance.

References

http://www.securityfocus.com/archive/1/488206/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id?1019427

vdb-entryx_refsource_SECTRACK

http://www.sophos.com/support/knowledgebase/article/34733...

x_refsource_CONFIRM

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 20, 2008
Vulnerability Reserved
Feb 20, 2008