Multiple Cross-Site Scripting Vulnerabilities in Sophos Web Appliance
CVE-2013-2643
Key Information:
- Vendor: Sophos
- CVE Published: 18 March 2014
What is CVE-2013-2643?
The Sophos Web Appliance contains several cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The flaws are reachable through multiple request parameters, each of which lets an attacker manipulate the behavior of the web application. Specifically, script can be injected via the 'xss' parameter in the 'allow' action to 'rss.php', the 'msg' parameter to 'end-user/errdoc.php', the 'h' parameter to 'end-user/ftp_redirect.php', and the 'threat' parameter to the Blocked component. This exposes the application and its users to various security risks, so users should upgrade to the recommended versions to mitigate these threats.
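As an added example (not code from Sophos or from this advisory), the following log check flags requests in which one of the parameters named above carries HTML markup after percent-decoding, including double-encoded input. It assumes a combined-format access log and an `action=allow` query layout for `rss.php`; the sample lines are constructed, and the 'threat' parameter is left out because the page gives no path for the Blocked component.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint suffix -> parameter named in the CVE-2013-2643 description.
# The Blocked component's 'threat' parameter is omitted: no path is given for it.
WATCHED = {
    "/rss.php": "xss",
    "/end-user/errdoc.php": "msg",
    "/end-user/ftp_redirect.php": "h",
}
# Characters that indicate markup once the value is decoded.
MARKUP = re.compile(r'[<>"]')
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (path, parameter, decoded value) for watched parameters carrying markup."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for path, param in WATCHED.items():
            if not url.path.endswith(path):
                continue
            # parse_qsl decodes once; fully_decode handles further layers.
            for name, value in parse_qsl(url.query, keep_blank_values=True):
                decoded = fully_decode(value)
                if name == param and MARKUP.search(decoded):
                    hits.append((path, param, decoded))
    return hits

# Constructed sample lines, not taken from a real appliance.
SAMPLE = [
    '10.0.0.5 - - [01/Apr/2014:10:00:00 +0000] "GET /end-user/errdoc.php?msg=Page+not+found HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Apr/2014:10:00:02 +0000] "GET /end-user/errdoc.php?msg=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Apr/2014:10:00:05 +0000] "GET /end-user/ftp_redirect.php?h=%253Ci%253E HTTP/1.1" 200 498',
    '10.0.0.7 - - [01/Apr/2014:10:00:09 +0000] "GET /rss.php?action=allow&xss=12 HTTP/1.1" 200 120',
]
print(suspicious_requests(SAMPLE))
```

Hits from this check are leads for review rather than proof of exploitation, since legitimate values can occasionally contain quote or angle-bracket characters.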

