Unrated severityNVD Advisory· Published Nov 4, 2008· Updated Jun 16, 2026
CVE-2008-4918
CVE-2008-4918
Description
Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:o:sonicwall:sonicos_enhanced:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:sonicwall:sonicos_enhanced:*:*:*:*:*:*:*:*range: <4.0.1.1
- (no CPE)range: <4.0.1.1
- Range: <4.0.1.1
- Range: <4.0.1.1
Patches
Vulnerability mechanics
References
15- securityreason.com/securityalert/4556nvdThird Party Advisory
- www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/nvdThird Party Advisory
- www.securityfocus.com/archive/1/497948/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/497958/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/497968/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/497989/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/498043/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/498073/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/31998nvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-08-070nvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-08-070/nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/46232nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/32498nvdNot Applicable
- www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdfnvdBroken Link
- www.vupen.com/english/advisories/2008/2970nvdPermissions Required
News mentions
0No linked articles in our index yet.