Reflected XSS Vulnerability in Sophos Email Appliance
CVE-2021-36806
4.7 MEDIUM
Summary
A reflected XSS vulnerability in Sophos Email Appliance allows an attacker to craft a malicious link that redirects the user to an error page. When a recipient clicks such a link, it may execute arbitrary script in the recipient's browser. The issue affects all versions of Sophos Email Appliance released prior to version 4.5.3.4; updating to 4.5.3.4 or later mitigates it.
Affected Version(s)
Sophos Email Appliance 4.5.3.3
References
CVSS V3.1
Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jaaziel Sam Carlos