CVE-2008-4918

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Published: Nov 4, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4918
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
sonicwall / sonicos_enhanced	-	4.0.1.1

http://secunia.com/advisories/32498
http://securityreason.com/securityalert/4556
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
http://www.securityfocus.com/archive/1/497948/100/0/threaded
http://www.securityfocus.com/archive/1/497958/100/0/threaded
http://www.securityfocus.com/archive/1/497968/100/0/threaded
http://www.securityfocus.com/archive/1/497989/100/0/threaded
http://www.securityfocus.com/archive/1/498043/100/0/threaded
http://www.securityfocus.com/archive/1/498073/100/0/threaded
http://www.securityfocus.com/bid/31998
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
http://www.vupen.com/english/advisories/2008/2970
http://www.zerodayinitiative.com/advisories/ZDI-08-070
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232

Vulnerability Database

290,206

CVE-2008-4918