CVE-2008-4918

Sažetak

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Reference

http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
http://secunia.com/advisories/32498
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
http://www.securityfocus.com/bid/31998
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
http://www.zerodayinitiative.com/advisories/ZDI-08-070
http://securityreason.com/securityalert/4556
http://www.vupen.com/english/advisories/2008/2970
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232
http://www.securityfocus.com/archive/1/498073/100/0/threaded
http://www.securityfocus.com/archive/1/498043/100/0/threaded
http://www.securityfocus.com/archive/1/497989/100/0/threaded
http://www.securityfocus.com/archive/1/497968/100/0/threaded
http://www.securityfocus.com/archive/1/497958/100/0/threaded
http://www.securityfocus.com/archive/1/497948/100/0/threaded

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-06-2022 - 15:18

Objavljeno

04-11-2008 - 21:00