CVE-2008-4918

Sonicwall Sonicos Enhanced < 4.0.1.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Exploits (1)

exploitdb WORKING POC VERIFIED

by pagvac · textremotehardware

https://www.exploit-db.com/exploits/32552

View Code ZIP pw:eip

References (15)

Core 15

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/498043/100/0/threaded

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497958/100/0/threaded

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2970

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497948/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31998

Third Party Advisory, VDB Entry x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-08-070/

Not Applicable third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32498

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497968/100/0/threaded

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/498073/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4556

Third Party Advisory, VDB Entry x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-08-070

Third Party Advisory x_refsource_misc

http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/

Broken Link x_refsource_confirm

http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46232

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497989/100/0/threaded

Scores

EPSS 0.2570

EPSS Percentile 96.3%

Details

CWE

CWE-79

Status published

Products (1)

sonicwall/sonicos_enhanced < 4.0.1.1

Published Nov 04, 2008

Tracked Since Feb 18, 2026