CVE-2008-4918 Information

Description

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1 as used in SonicWALL Pro 2040 and TZ 180 and 190 allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering which is not properly handled in the CFS block page aka \universal website hijacking.\

Reference

http://secunia.com/advisories/32498 http://securityreason.com/securityalert/4556 http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/ http://www.securityfocus.com/archive/1/497948/100/0/threaded http://www.securityfocus.com/archive/1/497958/100/0/threaded http://www.securityfocus.com/archive/1/497968/100/0/threaded http://www.securityfocus.com/archive/1/497989/100/0/threaded http://www.securityfocus.com/archive/1/498043/100/0/threaded http://www.securityfocus.com/archive/1/498073/100/0/threaded http://www.securityfocus.com/bid/31998 http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf http://www.vupen.com/english/advisories/2008/2970 http://www.zerodayinitiative.com/advisories/ZDI-08-070 http://www.zerodayinitiative.com/advisories/ZDI-08-070/ https://exchange.xforce.ibmcloud.com/vulnerabilities/46232