PT-2017-10366 · Sophos · Sophos Cyberoam

Bhadresh Patel · Published 2017-06-07 · Updated 2017-06-14 · CVE-2016-9834

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sophos Cyberoam firewall devices with firmware through 10.6.4

Description

The issue allows remote attackers to execute arbitrary client-side script on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. The applicationname and username GET parameters are improperly sanitized, allowing an attacker to inject arbitrary JavaScript into the page. This can be abused to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.

Recommendations

For Sophos Cyberoam firewall devices with firmware through 10.6.4, consider restricting access to the LiveConnectionDetail.jsp application until a patch is available. As a temporary workaround, avoid using the applicationname and username parameters in the affected API endpoint.
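
A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or from Sophos: it scans web or proxy access logs for requests to LiveConnectionDetail.jsp whose applicationname or username value decodes to markup characters. The Combined Log Format, the regex heuristic and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Path and parameter names come from the advisory text.
VULN_PATH = "/corporate/webpages/trafficdiscovery/liveconnectiondetail.jsp"
WATCHED_PARAMS = ("applicationname", "username")

# Heuristic (assumption): characters and tokens needed to leave HTML or
# attribute context. Names containing an apostrophe will be false positives.
SUSPICIOUS = re.compile(r"""[<>"'`]|javascript:|\bon\w+\s*=""", re.IGNORECASE)

# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(log_line):
    """Return [(param, decoded_value), ...] for suspicious values, else []."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.lower() != VULN_PATH:
        return []
    hits = []
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() not in WATCHED_PARAMS:
            continue
        for value in values:
            # parse_qs decodes once; decode again to catch double encoding.
            decoded = unquote_plus(value)
            if SUSPICIOUS.search(decoded):
                hits.append((name, decoded))
    return hits

# Constructed sample log lines (not real traffic).
BASE = "/corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp"
SAMPLE_LOG = [
    f'192.0.2.10 - - [07/Jun/2017:10:00:01 +0000] "GET {BASE}?applicationname=HTTP&username=alice HTTP/1.1" 200 5120',
    f'192.0.2.44 - - [07/Jun/2017:10:02:13 +0000] "GET {BASE}?applicationname=%3Cscript%3Ealert(1)%3C%2Fscript%3E&username=alice HTTP/1.1" 200 5170',
    f'192.0.2.44 - - [07/Jun/2017:10:02:40 +0000] "GET {BASE}?applicationname=HTTP&username=%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200 5166',
    '192.0.2.10 - - [07/Jun/2017:10:03:00 +0000] "GET /corporate/webpages/index.jsp?username=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for param, value in flag_request(line):
            print(f"suspicious {param}={value!r} :: {line.split()[0]}")
```

Hits from this check are leads for review rather than proof of exploitation; the same path and parameter names can also drive a temporary block rule at a reverse proxy while access to the page is being restricted.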

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2016-9834

Affected Products

Sophos Cyberoam