Vulnerabilities > Sophos > WEB Appliance > 4.3.2.1

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2020-36692 Cross-site Scripting vulnerability in Sophos web Appliance
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
network
low complexity
sophos CWE-79
5.4
2023-04-04 CVE-2022-4934 Command Injection vulnerability in Sophos web Appliance
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
network
low complexity
sophos CWE-77
7.2
2023-04-04 CVE-2023-1671 Command Injection vulnerability in Sophos web Appliance
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
network
low complexity
sophos CWE-77
critical
9.8