Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance prior to 3.7.8.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sophos web_appliance_firmware |
||
sophos web_appliance - |