Cross-Site Scripting in Sophos Anti-Virus for Linux Web UI
CVE-2014-2385

Currently unrated

Key Information:

Vendor: Sophos
Status: Anti-virus
Vendor: CVE Published:; 22 July 2014

Summary

Multiple vulnerabilities in the web UI of Sophos Anti-Virus for Linux allow local users to execute arbitrary web scripts or HTML. By manipulating specific parameters, including 'ExcludeFileOnExpression', 'ExcludeFilesystems', and 'Email', attackers can compromise the application's configuration and potentially launch further attacks.

References

http://www.securityfocus.com/archive/1/532558/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/127228/Sophos-Antivi...

x_refsource_MISC

http://seclists.org/fulldisclosure/2014/Jun/126

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Jul 22, 2014
Vulnerability Reserved
Mar 13, 2014