Vulnerabilities > Sophos > WEB Appliance > 3.3.4

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2020-36692 Cross-site Scripting vulnerability in Sophos web Appliance
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
network
low complexity
sophos CWE-79
5.4
2023-04-04 CVE-2022-4934 Command Injection vulnerability in Sophos web Appliance
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
network
low complexity
sophos CWE-77
7.2
2023-04-04 CVE-2023-1671 Command Injection vulnerability in Sophos web Appliance
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
network
low complexity
sophos CWE-77
critical
9.8
2017-06-09 CVE-2017-9523 Cross-site Scripting vulnerability in Sophos web Appliance
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
network
low complexity
sophos CWE-79
6.1
2017-03-30 CVE-2017-6412 Session Fixation vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
network
high complexity
sophos CWE-384
8.1
2017-03-30 CVE-2017-6184 Command Injection vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
network
low complexity
sophos CWE-77
4.7
2017-03-30 CVE-2017-6183 Command Injection vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
network
low complexity
sophos CWE-77
7.2
2017-03-30 CVE-2017-6182 OS Command Injection vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
network
low complexity
sophos CWE-78
critical
9.8