Reflected XSS Vulnerability in Sophos Email Appliance
CVE-2021-36806

4.7MEDIUM

Key Information:

Vendor: Sophos
Status: Sophos Email Appliance
Vendor: CVE Published:; 30 November 2023

What is CVE-2021-36806?

A reflected XSS vulnerability in Sophos Email Appliance permits attackers to craft a malicious link that redirects users to an error page. When recipients click on such links, they unknowingly expose themselves to potential security threats, as the link may execute arbitrary scripts. This issue affects all versions of Sophos Email Appliance released prior to version 4.5.3.4, highlighting the need for timely updates to mitigate such risks.

Affected Version(s)

Sophos Email Appliance 4.5.3.3

References

https://community.sophos.com/email-appliance/b/blog/posts...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Jul 19, 2021

Credit

Jaaziel Sam Carlos