CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...

CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code...

PT-2023-2880 · Sophos · Sophos Web Appliance

Name of the Vulnerable Software and Affected Versions: Sophos Web Appliance versions older than 4.3.10.4 Description: A reflected XSS via POST vulnerability in the report scheduler allows execution of JavaScript code in the victim's browser via a malicious form that must be manually submitted by...

CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code...

CVE-2020-36692

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA...