Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Sophos Cyberoam产品跨站脚本漏洞
Vulnerability Description
Sophos Cyberoam CR100iNG UTM、CR35iNG UTM和CR35iNG UTM都是英国Sophos公司的运行有CyberoamOS操作系统的新一代防火墙,它提供在线应用程序检测和控制、网页过滤、HTTPS检查、入侵防护等功能。 多款Sophos Cyberoam产品中存在跨站脚本漏洞,该漏洞源于corporate/webpages/trafficdiscovery/LiveConnections.jsp脚本没有充分过滤‘ipFamily’参数;corporate/webpages
CVSS Information
N/A
Vulnerability Type
N/A