Stored XSS Vulnerability in Sophos UTM Affecting Administrators
CVE-2021-25273

4.8MEDIUM

Key Information:

Vendor
Sophos
Vendor
CVE Published:
29 July 2021

Summary

A stored cross-site scripting (XSS) vulnerability exists in Sophos UTM that affects the administrator's ability to view details of quarantined emails. This vulnerability allows attackers to execute malicious scripts within the context of an administrative session, posing a risk to the security integrity of the system. It is crucial for users of affected versions to update to version 9.706 or later to mitigate this security risk.

Affected Version(s)

Sophos UTM <= 9.705

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Hoffmann, usd AG
.