Web Appliance Security Vulnerabilities and Issues — Web Appliance CVE List

Lucene search

SophosWeb Appliance

3 matches found

CVE•added 2014/03/18 5:2 p.m.•56 views

CVE-2013-2641

Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.

5CVSS6.6AI score0.81816EPSS

CVE•added 2014/03/18 5:2 p.m.•42 views

CVE-2013-2642

Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via sh...

9.3CVSS7.3AI score0.18086EPSS

CVE•added 2014/03/18 5:2 p.m.•42 views

CVE-2013-2643

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, o...

4.3CVSS5.7AI score0.00679EPSS