Multiple Cross-Site Scripting Vulnerabilities in Sophos Web Appliance
CVE-2013-2643
Currently unrated
Key Information:
- Vendor: Sophos
- CVE Published: 18 March 2014
Summary
The Sophos Web Appliance contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The affected inputs are the 'xss' parameter in the 'allow' action to 'rss.php', the 'msg' parameter to 'end-user/errdoc.php', the 'h' parameter to 'end-user/ftp_redirect.php', and the 'threat' parameter to the Blocked component. Script injected through these parameters lets an attacker manipulate the behavior of the web application, exposing the application and its users to various security risks. Users should upgrade to the recommended versions to mitigate these threats.