XSS in Sophos Web_appliance
CVE-2013-2643
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.010 (77.0th percentile) — read the EPSS interpretation.
Affected products
- Sophos Web_appliance
- Sophos Web_appliance_firmware
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)