Multiple Cross-Site Scripting Vulnerabilities in Sophos Web Appliance
CVE-2013-2643

Currently unrated

Key Information:

Vendor: Sophos
CVE Published: 18 March 2014

Summary

The Sophos Web Appliance has several cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML through multiple request parameters and so manipulate the behavior of the web application. The affected inputs are the 'xss' parameter in the 'allow' action to 'rss.php', the 'msg' parameter to 'end-user/errdoc.php', the 'h' parameter to 'end-user/ftp_redirect.php', and the 'threat' parameter to the Blocked component. Injected script runs in the victim's browser in the context of the appliance's web interface, which exposes the application and its users to risk; users should upgrade to the recommended versions to mitigate these issues.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
