Published: 20/02/2008 Updated: 15/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sophos es1000 2.1.0.0
sophos es4000 2.1.0.0

source: wwwsecurityfocuscom/bid/27813/info Sophos Email Appliance is prone to multiple cross-site scripting vulnerabilities that affect its web interface because it fails to properly sanitize user-supplied input before using it in dynamically generated content An attacker may leverage these issues to execute arbitrary script code in the ...

CWE-79 http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-02-13 http://www.sophos.com/support/knowledgebase/article/34733.html http://www.securityfocus.com/bid/27813 http://secunia.com/advisories/28961 http://www.securitytracker.com/id?1019427 http://securityreason.com/securityalert/3673 http://www.vupen.com/english/advisories/2008/0574 http://www.securityfocus.com/archive/1/488206/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31204/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0838

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect