This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote host has a web application installed that is affected by a
cross-site scripting vulnerability.
The version of Sophos Web Protection installed on the remote host is
affected by a cross-site scripting vulnerability in the 'msg' parameter
of the '/end-user-/errdoc.php' script. By exploiting this flaw, a
remote, unauthenticated attacker can execute arbitrary script code in a
Note that the installed version of Sophos Web Protection is also likely
to be affected by other vulnerabilities, though Nessus has not tested
See also :
Upgrade to Sophos Web Protection Appliance 220.127.116.11 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 66024 ()
Bugtraq ID: 58834
CVE ID: CVE-2013-2643
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.