CVE-2008-0838

Sophos ES1000 and ES4000 2.1.0.0 - Cross-Site Scripting via Error and Go Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0838. PoCs published by Leon Juranic.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Sophos Email Appliance's web interface due to improper input sanitization. It includes a sample URL demonstrating the injection point but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Leon Juranic · textremotewindows

https://www.exploit-db.com/exploits/31204

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Sophos Email Appliance's web interface due to improper input sanitization. It includes a sample URL demonstrating the injection point but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Sophos Email Appliance versions prior to 2.1.1.0

No auth needed

Prerequisites: Access to the target web interface

MITRE ATT&CK