Sophos Web Appliance < 4.3.0 FTP Redirect Page Reflected XSS
Medium Nessus Plugin ID 100845
Synopsis
The remote host is running a web application that is affected by a reflected cross-site scripting vulnerability.

Description
According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.0. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability in the FTP redirect page (ftp_redirect.php) due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

Solution
Upgrade to Sophos Web Appliance version 4.3.0 or later.