Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-4918

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Published

2008-11-04T21:00:01.813

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sonicwall	sonicos_enhanced	< 4.0.1.1	Yes
Hardware	sonicwall	pro_2040	-	No
Hardware	sonicwall	tz_180	-	No
Hardware	sonicwall	tz_190	-	No

References

http://secunia.com/advisories/32498 Not Applicable ([email protected])
http://securityreason.com/securityalert/4556 Third Party Advisory ([email protected])
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/ Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/497948/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/497958/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/497968/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/497989/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/498043/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/498073/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/31998 Third Party Advisory, VDB Entry ([email protected])
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf Broken Link ([email protected])
http://www.vupen.com/english/advisories/2008/2970 Permissions Required ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-08-070 Third Party Advisory, VDB Entry ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-08-070/ Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232 Third Party Advisory, VDB Entry ([email protected])
http://secunia.com/advisories/32498 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/4556 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/497948/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/497958/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/497968/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/497989/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/498043/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/498073/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/31998 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2970 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-08-070 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-08-070/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)