4.3
CVE-2008-4918
- EPSS 6.43%
- Veröffentlicht 04.11.2008 21:00:01
- Zuletzt bearbeitet 16.06.2026 22:58:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.43% | 0.928 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://secunia.com/advisories/32498
http://securityreason.com/securityalert/4556
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
http://www.securityfocus.com/archive/1/497948/100/0/threaded
http://www.securityfocus.com/archive/1/497958/100/0/threaded
http://www.securityfocus.com/archive/1/497968/100/0/threaded
http://www.securityfocus.com/archive/1/497989/100/0/threaded
http://www.securityfocus.com/archive/1/498043/100/0/threaded
http://www.securityfocus.com/archive/1/498073/100/0/threaded
http://www.securityfocus.com/bid/31998
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
http://www.vupen.com/english/advisories/2008/2970
http://www.zerodayinitiative.com/advisories/ZDI-08-070
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232