NVD

Id
4707  
Name
CVE-2008-4918  
Description
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-03  
Published
2008-11-04  
Modified Date
2016-11-18  
Seq
2008-4918  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
29435 4707 CVE-2008-4918 4556  View
29436 4707 CVE-2008-4918 http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/  View
29437 4707 CVE-2008-4918 20081030 ZDI-08-070: SonicWALL Content-Filtering Universal Script Injection Vulnerability  View
29438 4707 CVE-2008-4918 20081031 Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day  View
29439 4707 CVE-2008-4918 20081031 Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day  View
29440 4707 CVE-2008-4918 20081101 Re: Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day  View
29441 4707 CVE-2008-4918 20081104 Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day  View
29442 4707 CVE-2008-4918 20081105 Re: Re: Re: [Full-disclosure] Universal Website Hijacking by Exploiting Firewall Content Filtering Features + SonicWALL firewalls 0day  View
29443 4707 CVE-2008-4918 31998  View
29444 4707 CVE-2008-4918 http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf  View
29445 4707 CVE-2008-4918 ADV-2008-2970  View
29446 4707 CVE-2008-4918 http://www.zerodayinitiative.com/advisories/ZDI-08-070  View
29447 4707 CVE-2008-4918 http://www.zerodayinitiative.com/advisories/ZDI-08-070/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
51110 JVNDB-2008-006420 SonicWALL Pro 2040 などで使用されている SonicWALL SonicOS Enhanced におけるクロスサイトスクリプティングの脆弱性 SonicWALL Pro 2040、TZ 180、および 190 で使用されている SonicWALL SonicOS Enhanced は、CFS ブロックページで適切に処理されていないため、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-4918 35031 CVE-2008-4918 4707 4.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-006420.html 2008-11-04 2012-12-20 View