CVE-2008-1463

Imperva SecureSphere MX <5.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the management GUI in Imperva SecureSphere MX Management Server 5.0 allows remote attackers to inject arbitrary web script or HTML via an invalid or prohibited request to a web server protected by SecureSphere, which triggers injection into the "corrective action" section of an alert page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Berezniski · textwebappsasp

https://www.exploit-db.com/exploits/31413

View Code ZIP pw:eip

References (4)

[Various Sources] http://imperva.com/go/secadv/20080318

[Vendor Advisory] http://secunia.com/advisories/29439

[Exploit] http://www.securityfocus.com/bid/28279

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41359

Scores

EPSS 0.0056

EPSS Percentile 68.1%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

imperva/securesphere

imperva/securesphere_mx_management_server

imperva/securesphere_mx_management_server

Timeline

Published Mar 24, 2008

Tracked Since Feb 18, 2026