3 matches found
CVE-2020-36692
CVE-2020-36692 affects Sophos Web Appliance prior to 4.3.10.4. The issue is a reflected XSS in the report scheduler via a crafted POST form, requiring the victim to submit the form while logged in to SWA. This can allow execution of JavaScript in the victim’s browser. Mitigation: upgrade to 4.3.1...
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...
CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...