Multiple Cross-Site Scripting Vulnerabilities in Sophos Web Appliance
CVE-2013-2643
Currently unrated
Key Information:
- Vendor: Sophos
- CVE Published: 18 March 2014
What is CVE-2013-2643?
The Sophos Web Appliance has multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. Attackers can inject malicious scripts via the 'xss' parameter in the 'allow' action to 'rss.php', the 'msg' parameter to 'end-user/errdoc.php', the 'h' parameter to 'end-user/ftp_redirect.php', and the 'threat' parameter to the Blocked component. Injected script lets an attacker manipulate the behavior of the web application, which exposes the application and its users to various security risks. Users should upgrade to the recommended versions to mitigate these threats.
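A log-triage check for the endpoints and parameters listed above, added here as an example and not taken from Sophos or from the CVE record. It assumes combined-format access logs and that the 'allow' action appears as `action=allow` in the query string; the function name and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path suffix -> parameter named in the CVE-2013-2643 description.
# The Blocked component's 'threat' parameter is left out: the page gives no path.
WATCHED = {
    "/rss.php": "xss",
    "/end-user/errdoc.php": "msg",
    "/end-user/ftp_redirect.php": "h",
}

# Markup or script indicators in a decoded value; errs toward flagging for review.
MARKUP = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_requests(lines):
    """Return (path, parameter, decoded value) for each request to review."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes
        for suffix, name in WATCHED.items():
            if not url.path.endswith(suffix):
                continue
            for value in params.get(name, []):
                if MARKUP.search(value):
                    hits.append((url.path, name, value))
    return hits

# Constructed sample lines, not real traffic. 'action=allow' is an assumed
# query-string form of the 'allow' action.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2014:10:00:00 +0000] "GET /end-user/errdoc.php?msg=Access+denied HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Apr/2014:10:00:05 +0000] "GET /end-user/errdoc.php?msg=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [01/Apr/2014:10:00:09 +0000] "GET /end-user/ftp_redirect.php?h=ftp.example.com HTTP/1.1" 200 300',
    '192.0.2.13 - - [01/Apr/2014:10:00:12 +0000] "GET /rss.php?action=allow&xss=%22%3E%3Cb%3E HTTP/1.1" 200 128',
    '192.0.2.14 - - [01/Apr/2014:10:00:20 +0000] "GET /index.php?msg=%3Cb%3E HTTP/1.1" 404 90',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string delivery only.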