XSS Vulnerability in Sophos Web Appliance Affects Multiple Versions
CVE-2017-9523
6.1MEDIUM
Summary
A cross-site scripting (XSS) vulnerability exists in the FTP redirect page of the Sophos Web Appliance prior to version 4.3.2. This flaw allows attackers to inject malicious scripts into the web applications, potentially compromising the security of user sessions and sensitive data. Exploiting this vulnerability could lead to unauthorized access or manipulation of user information, emphasizing the need for prompt security updates to safeguard the affected installations.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved