Reflected XSS Vulnerability in Sophos Email Appliance
CVE-2021-36806

4.7 MEDIUM

Key Information:

Vendor: Sophos
CVE Published: 30 November 2023

Summary

A reflected XSS vulnerability in Sophos Email Appliance lets an attacker craft a malicious link that redirects users to an error page. When a recipient clicks such a link, it may execute arbitrary scripts in the recipient's browser. The issue affects all versions of Sophos Email Appliance released prior to version 4.5.3.4; updating to 4.5.3.4 or later mitigates it.

Affected Version(s)

Sophos Email Appliance 4.5.3.3

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jaaziel Sam Carlos