Lucene search

CVE-2013-2643

🗓️ 18 Mar 2014 17:51:02Reported by mitreType

cve🔗 web.nvd.nist.gov👁 35 Views🌐 WEB

Sophos Web Appliance before 3.7.8.2 multiple XSS vulnerabilitie

Reporter	Title	Published	Views	Family All 11
Tenable Nessus	Sophos Web Protection Appliance end-user-/errdoc.php 'msg' Parameter XSS	18 Apr 201300:00	–	nessus
NVD	CVE-2013-2643	18 Mar 201417:02	–	nvd
Cvelist	CVE-2013-2643	18 Mar 201414:00	–	cvelist
Prion	Cross site scripting	18 Mar 201417:02	–	prion
0day.today	Sophos Web Protection Appliance 3.7.8.1 XSS / Command Execution	4 Apr 201300:00	–	zdt
Exploit DB	Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities	8 Apr 201300:00	–	exploitdb
securityvulns	Sophos Web Protection Appliance multiple security vulnerabilities	8 Apr 201300:00	–	securityvulns
securityvulns	SEC Consult SA-20130403-0 :: Multiple vulnerabilities in Sophos Web Protection Appliance	8 Apr 201300:00	–	securityvulns
Packet Storm	Sophos Web Protection Appliance 3.7.8.1 XSS / Command Execution	3 Apr 201300:00	–	packetstorm
exploitpack	Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities	8 Apr 201300:00	–	exploitpack

Nvd

Node

sophos web_appliance_firmwareRange≤3.7.8.1

AND

sophos web_applianceMatch-

Source	Link
sophos	www.sophos.com/en-us/support/knowledgebase/118969.aspx
sec-consult	www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt

Parameter	Position	Path	Description	CWE
e	query param	/end-user/errdoc.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
msg	query param	/end-user/errdoc.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
r	query param	/end-user/ftp_redirect.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
h	query param	/end-user/ftp_redirect.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
action	query param	/rss.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
xss	query param	/rss.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
c	query param	/index.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
reason	query param	/index.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
user	query param	/index.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79
threat	query param	/index.php	Reflected Cross Site Scripting (XSS) vulnerability allowing an attacker to inject arbitrary script code.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Mar 2014 17:02Current

5.7Medium risk

Vulners AI Score5.7

CVSS24.3

EPSS0.00489

CWE-79