CVE-2008-4918

Sonicwall Sonicos Enhanced < 4.0.1.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Exploits (1)

exploitdb WORKING POC VERIFIED

by pagvac · textremotehardware

https://www.exploit-db.com/exploits/32552

View Code ZIP pw:eip

References (15)

[Not Applicable] http://secunia.com/advisories/32498

[Third Party Advisory] http://securityreason.com/securityalert/4556

[Third Party Advisory] http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497948/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497958/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497968/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497989/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/498043/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/498073/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31998

[Broken Link] http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf

[Permissions Required] http://www.vupen.com/english/advisories/2008/2970

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-08-070

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-08-070/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46232

Scores

EPSS 0.2570

EPSS Percentile 96.2%

Classification

CWE

CWE-79

Status published

Affected Products (2)

sonicwall/sonicos_enhanced < 4.0.1.1

n/a/n/a

Timeline

Published Nov 04, 2008

Tracked Since Feb 18, 2026