Web Appliance Security Vulnerabilities and Issues — Web Appliance CVE List

Lucene search

SophosWeb Appliance

3 matches found

CVE•added 2017/03/30 5:59 p.m.•46 views

CVE-2017-6184

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.

6.5CVSS5.6AI score0.01163EPSS

CVE•added 2017/06/09 12:29 a.m.•39 views

CVE-2017-9523

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.

6.1CVSS5.9AI score0.00119EPSS

CVE•added 2023/04/04 10:15 a.m.•35 views

CVE-2020-36692

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.

6.5CVSS5.3AI score0.00197EPSS