CVE-2021-25273

4.8MEDIUM

Key Information:

Vendor
Sophos
Status
Sophos Utm
Vendor
CVE Published:
29 July 2021

Summary

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

Affected Version(s)

Sophos UTM <= 9.705

References

https://community.sophos.com/utm-firewall/b/blog/posts/ut...
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Dec/3
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Daniel Hoffmann, usd AG
.