Vulnerabilities > Sophos > WEB Appliance > 4.3.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-04 | CVE-2020-36692 | Cross-site Scripting vulnerability in Sophos web Appliance A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. | 5.4 |
2023-04-04 | CVE-2022-4934 | Command Injection vulnerability in Sophos web Appliance A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. | 7.2 |
2023-04-04 | CVE-2023-1671 | Command Injection vulnerability in Sophos web Appliance A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | 9.8 |