CVE-2008-4918

N/A Unknown
Published: November 04, 2008 Modified: April 23, 2026
View on NVD

Description

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/32498
Source: cve@mitre.org
Not Applicable
http://securityreason.com/securityalert/4556
Source: cve@mitre.org
Third Party Advisory
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/497948/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497958/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497968/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497989/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498043/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498073/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31998
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2008/2970
Source: cve@mitre.org
Permissions Required
http://www.zerodayinitiative.com/advisories/ZDI-08-070
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://secunia.com/advisories/32498
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://securityreason.com/securityalert/4556
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/archive/1/497948/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497958/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497968/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497989/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498043/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498073/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/31998
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2008/2970
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.zerodayinitiative.com/advisories/ZDI-08-070
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

30 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
25.7%
96th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Affected Vendors

sonicwall

Related CVEs

CVE-2026-7513 8.8
CVE-2026-7512 8.8
CVE-2026-5656 7.0
CVE-2026-5405 7.8
CVE-2026-5404 4.7