Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Sonicwall
  • Pro 2040
  • Tz 190
  • Sonicos Enhanced
  • Tz 180

Configuration 1 [-]

AND
cpe:2.3:o:sonicwall:sonicos_enhanced:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sonicwall:pro_2040:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_180:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:tz_190:-:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/32498 Not Applicable
http://securityreason.com/securityalert/4556 Third Party Advisory
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/ Third Party Advisory
http://www.securityfocus.com/archive/1/497948/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497958/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497968/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497989/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498043/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498073/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31998 Third Party Advisory VDB Entry
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf Broken Link
http://www.vupen.com/english/advisories/2008/2970 Permissions Required
http://www.zerodayinitiative.com/advisories/ZDI-08-070 Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-070/ Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232 Third Party Advisory VDB Entry
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-04T20:00:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-11-04T00:00:00

Link: CVE-2008-4918

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2008-11-04T21:00:01.813

Modified: 2022-06-17T15:18:43.297

Link: CVE-2008-4918

JSON object: View

cve-icon Redhat Information

No data.

CWE