Stored XSS Vulnerabilities in Sophos Connect by Sophos
CVE-2022-4901

6.1 MEDIUM

Key Information:

Vendor: Sophos
CVE Published: 1 March 2023

Summary

Multiple stored XSS vulnerabilities in Sophos Connect allow for the execution of malicious JavaScript code in the local user interface. This occurs through a compromised VPN configuration that must be manually loaded by the victim. Users of affected older versions are urged to upgrade to mitigate potential risks associated with these vulnerabilities.

Affected Version(s)

Sophos Connect Client < 2.2.90

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
