CVE-2008-4918
Published Nov 4, 2008
Last updated 2 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sonicos_enhanced:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E717C24-8D41-49F7-AD40-F35EDF2BCADD",
"versionEndExcluding": "4.0.1.1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:pro_2040:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BF979EA3-E2E5-4075-9C85-4CA2C10E37B1"
},
{
"criteria": "cpe:2.3:h:sonicwall:tz_180:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "96EBED65-E9EE-487E-9113-4A3ECD12E897"
},
{
"criteria": "cpe:2.3:h:sonicwall:tz_190:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "202D7BE0-5547-4376-B80E-0C97C089554B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]