Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-2643. PoCs published by SEC Consult.
AI-analyzed exploit summary: This is a detailed security advisory from SEC Consult describing multiple vulnerabilities in Sophos Web Protection Appliance, including unauthenticated local file disclosure, OS command injection, and reflected XSS. It provides proof-of-concept examples for each vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.