This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote host has a web application installed that is affected by a
cross-site scripting vulnerability.
The version of Sophos Web Protection installed on the remote host is
affected by a cross-site scripting vulnerability in the 'msg' parameter
of the '/end-user-/errdoc.php' script. By exploiting this flaw, a
remote, unauthenticated attacker can execute arbitrary script code in a
Note that the installed version of Sophos Web Protection is also likely
to be affected by other vulnerabilities, though Nessus has not tested
See also :
Upgrade to Sophos Web Protection Appliance 18.104.22.168 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true