CVE-2008-4918

Name of the Vulnerable Software and Affected Versions SonicWALL SonicOS Enhanced versions prior to 4.0.1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering. This occurs because the content filtering system's block page does not properly handle the input, leading to a cross-site scripting (XSS) vulnerability. This can be used for "universal website hijacking."

Recommendations For versions prior to 4.0.1.1, update to version 4.0.1.1 or later to resolve the issue.