Vulnerabilities > Sophos > WEB Appliance
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-30 | CVE-2023-33336 | Cross-site Scripting vulnerability in Sophos web Appliance 4.3.9.1 Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | 4.8 |
| 2023-04-04 | CVE-2020-36692 | Cross-site Scripting vulnerability in Sophos web Appliance A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. | 5.4 |
| 2023-04-04 | CVE-2022-4934 | Command Injection vulnerability in Sophos web Appliance A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. | 7.2 |
| 2023-04-04 | CVE-2023-1671 | Command Injection vulnerability in Sophos web Appliance A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | 9.8 |
| 2017-06-09 | CVE-2017-9523 | Cross-site Scripting vulnerability in Sophos web Appliance The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | 6.1 |
| 2017-03-30 | CVE-2017-6412 | Session Fixation vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | 8.1 |
| 2017-03-30 | CVE-2017-6184 | Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. | 4.7 |
| 2017-03-30 | CVE-2017-6183 | Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. | 7.2 |
| 2017-03-30 | CVE-2017-6182 | OS Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | 9.8 |
| 2017-01-28 | CVE-2016-9554 | Command Injection vulnerability in Sophos web Appliance 4.2.1.3 The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. | 7.2 |