Vulnerabilities > Sophos > WEB Appliance > 4.3.9.1

DATE CVE VULNERABILITY TITLE RISK
2023-06-30 CVE-2023-33336 Cross-site Scripting vulnerability in Sophos web Appliance 4.3.9.1
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
network
low complexity
sophos CWE-79
4.8
2023-04-04 CVE-2020-36692 Cross-site Scripting vulnerability in Sophos web Appliance
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
network
low complexity
sophos CWE-79
5.4
2023-04-04 CVE-2022-4934 Command Injection vulnerability in Sophos web Appliance
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.
network
low complexity
sophos CWE-77
7.2
2023-04-04 CVE-2023-1671 Command Injection vulnerability in Sophos web Appliance
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.
network
low complexity
sophos CWE-77
critical
9.8