CVE-2013-2643

Sophos Web Appliance <3.7.8.2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.

Exploits (1)

exploitdb WRITEUP
by SEC Consult · textwebappslinux
https://www.exploit-db.com/exploits/24932

References (2)

Scores

EPSS 0.0097
EPSS Percentile 76.4%

Details

CWE
CWE-79
Status published
Products (3)
sophos/web_appliance_firmware < 3.7.8.1
sophos/web_appliance
n/a/n/a
Published Mar 18, 2014
Tracked Since Feb 18, 2026