Multiple Cross-Site Scripting Vulnerabilities in Sophos Web Appliance

CVE-2013-2643

Summary

The Sophos Web Appliance has several vulnerabilities that enable remote attackers to execute arbitrary web scripts or HTML. These vulnerabilities can be exploited through multiple parameters, allowing attackers to manipulate the behavior of the web application. Specifically, attackers can inject malicious scripts via the 'xss' parameter in the 'allow' action to 'rss.php', the 'msg' parameter to 'end-user/errdoc.php', the 'h' parameter to 'end-user/ftp_redirect.php', and the 'threat' parameter to the Blocked component. This exposes the application and its users to various security risks, making it essential for users to upgrade to the recommended versions to mitigate these threats.

References