Unrated severityNVD Advisory· Published Feb 20, 2008· Updated Apr 23, 2026

CVE-2008-0838

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.

Affected products

Sophos/Es1000
cpe:2.3:a:sophos:es1000:2.1.0.0:*:*:*:*:*:*:*
Sophos/Es4000
cpe:2.3:a:sophos:es4000:2.1.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/27813nvdExploit
secunia.com/advisories/28961nvdVendor Advisory
securityreason.com/securityalert/3673nvd
www.infigo.hr/en/in_focus/advisories/INFIGO-2008-02-13nvd
www.securityfocus.com/archive/1/488206/100/0/threadednvd
www.securitytracker.com/idnvd
www.sophos.com/support/knowledgebase/article/34733.htmlnvd
www.vupen.com/english/advisories/2008/0574nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000