CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-3968

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.7%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2016-3968

Sophos » Cyberoam Cr100ing Utm » Version: N/A

cpe:2.3:h:sophos:cyberoam_cr100ing_utm:-
Sophos » Cyberoam Cr35ing Utm » Version: N/A

cpe:2.3:h:sophos:cyberoam_cr35ing_utm:-
Sophos » Cyberoam Cr100ing Utm Firmware » Version: 10.6.3_mr-1_build_503

cpe:2.3:o:sophos:cyberoam_cr100ing_utm_firmware:10.6.3_mr-1_build_503
Sophos » Cyberoam Cr35ing Utm Firmware » Version: 10.6.2_build_378

cpe:2.3:o:sophos:cyberoam_cr35ing_utm_firmware:10.6.2_build_378
Sophos » Cyberoam Cr35ing Utm Firmware » Version: 10.6.2_mr-1_build_383

cpe:2.3:o:sophos:cyberoam_cr35ing_utm_firmware:10.6.2_mr-1_build_383

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-3968

Products

Pricing

Contact Us