Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SophosWeb Appliance

4 matches found

CVE
CVEadded 2023/04/04 10:15 a.m.284 views

CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

9.8CVSS9.6AI score0.9429EPSS
CVE
CVEadded 2023/06/30 2:15 a.m.42 views

CVE-2023-33336

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

4.8CVSS5.1AI score0.00033EPSS
CVE
CVEadded 2023/04/04 10:15 a.m.40 views

CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.

7.2CVSS7.4AI score0.00133EPSS
CVE
CVEadded 2023/04/04 10:15 a.m.35 views

CVE-2020-36692

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.

6.5CVSS5.3AI score0.00197EPSS