CVE-2007-4512Cross-site Scripting in Sophos Anti-virus

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 28.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sophos Anti-virus
Timeline
PublishedSep 10
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDsophos/anti-virus6.5.4_r2+1

Patches

Patch: www.securityfocus.comPatch: www.sophos.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-rggf-g8fq-cf6h: Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 62022-05-01
CVEList
CVE-2007-4512: Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 62007-09-10
CVE-2007-4512 — Cross-site Scripting in Sophos | cvebase