Vendor: Cyberoam Firewall
By: Bhadresh Patel
CVSS: 6.1 (MEDIUM)
CWE: 79, Cross-site scripting (XSS)
Product Name: Cyberoam Firewall
Affected Version From: <= Firmware Version 10.6.4
Affected Version To: <= Firmware Version 10.6.4
Patch Exists: YES
Related CVE: CVE-2016-9834
CPE: a:sophos:cyberoam_firewall
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2017

Sophos Cyberoam – Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities catalogued by Symantec as of 2007. The effect of an XSS flaw may range from a minor annoyance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

Mitigation:

The best way to mitigate XSS attacks is to use a web application firewall (WAF) to detect and block malicious requests. Additionally, developers should use input validation and output encoding to prevent malicious scripts from being executed.

Exploit-DB raw data: