CVE-2008-4918

Published: Nov 4, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Affected (1)

Products: Sonicwall: Sonicos Enhanced

1 product

Sonicos Enhanced

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Sonicwall Sonicos Enhanced	Before 4.0.1.1

Running on/with	Platform Versions
Sonicwall Pro 2040	All versions
Sonicwall Tz 180	All versions
Sonicwall Tz 190	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (30)

http://secunia.com/advisories/32498

Source: cve@mitre.org

Not Applicable

http://securityreason.com/securityalert/4556

Source: cve@mitre.org

Third Party Advisory

http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/497948/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/497958/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/497968/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/497989/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/498043/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/498073/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/31998

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf

Source: cve@mitre.org

Broken Link

http://www.vupen.com/english/advisories/2008/2970

Source: cve@mitre.org

Permissions Required

http://www.zerodayinitiative.com/advisories/ZDI-08-070

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-08-070/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/46232

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://secunia.com/advisories/32498

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://securityreason.com/securityalert/4556

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/archive/1/497948/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/497958/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/497968/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/497989/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/498043/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/498073/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/31998

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.vupen.com/english/advisories/2008/2970

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

http://www.zerodayinitiative.com/advisories/ZDI-08-070

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-08-070/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/46232

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.