Vulnerabilities > Sophos > WEB Appliance > 4.3.1.2

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2020-36692 Cross-site Scripting vulnerability in Sophos web Appliance
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
network
low complexity
sophos CWE-79
5.4
2023-04-04 CVE-2022-4934 Command Injection vulnerability in Sophos web Appliance
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
network
low complexity
sophos CWE-77
7.2
2023-04-04 CVE-2023-1671 Command Injection vulnerability in Sophos web Appliance
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
network
low complexity
sophos CWE-77
critical
9.8
2017-06-09 CVE-2017-9523 Cross-site Scripting vulnerability in Sophos web Appliance
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
network
low complexity
sophos CWE-79
6.1