Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the 1 xss parameter in an allow action to rss.php, 2 msg parameter to end-user/errdoc.php, 3 h parameter to end-user/ftpredirect.php, or 4...