Stored XSS Vulnerability in Sophos UTM Affecting Administrators
CVE-2021-25273
4.8MEDIUM
Summary
A stored cross-site scripting (XSS) vulnerability exists in Sophos UTM that affects the administrator's ability to view details of quarantined emails. This vulnerability allows attackers to execute malicious scripts within the context of an administrative session, posing a risk to the security integrity of the system. It is crucial for users of affected versions to update to version 9.706 or later to mitigate this security risk.
Affected Version(s)
Sophos UTM <= 9.705
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Daniel Hoffmann, usd AG