Reflected XSS Vulnerability in Sophos Web Appliance
CVE-2020-36692
5.4 MEDIUM
Summary
A reflected XSS vulnerability exists in the report scheduler of Sophos Web Appliance, allowing attackers to execute JavaScript in a victim's browser. This occurs when a victim submits a maliciously crafted form while logged in to the appliance. Users of Sophos Web Appliance versions prior to 4.3.10.4 should take immediate action to update their software to mitigate the risk.
Affected Version(s)
Sophos Web Appliance < 4.3.10.4
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved