Unrated severityNVD Advisory· Published Nov 4, 2008· Updated Apr 23, 2026
CVE-2008-4918
CVE-2008-4918
Description
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- securityreason.com/securityalert/4556nvdThird Party Advisory
- www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/nvdThird Party Advisory
- www.securityfocus.com/archive/1/497948/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/497958/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/497968/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/497989/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/498043/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/498073/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/31998nvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-08-070nvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-08-070/nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/46232nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/32498nvdNot Applicable
- www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdfnvdBroken Link
- www.vupen.com/english/advisories/2008/2970nvdPermissions Required
News mentions
0No linked articles in our index yet.