Cross-Site Scripting in Sophos Anti-Virus for Linux Web UI
CVE-2014-2385
Currently unrated
Summary
Multiple vulnerabilities in the web UI of Sophos Anti-Virus for Linux allow local users to execute arbitrary web scripts or HTML. By manipulating specific parameters, including 'ExcludeFileOnExpression', 'ExcludeFilesystems', and 'Email', attackers can compromise the application's configuration and potentially launch further attacks.
References
Timeline
Vulnerability published
Vulnerability Reserved