Vulnerabilities > Sophos > XG Firewall > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-20 | CVE-2018-16116 | SQL Injection vulnerability in Sophos Sfos 17.0.8 SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter. | 6.5 |
| 2018-01-12 | CVE-2017-18014 | Cross-site Scripting vulnerability in Sophos Sfos 17.0 An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. | 4.3 |