Stored XSS Vulnerabilities in Sophos Connect by Sophos
CVE-2022-4901
6.1 MEDIUM
Summary
Multiple stored XSS vulnerabilities in Sophos Connect allow for the execution of malicious JavaScript code in the local user interface. This occurs through a compromised VPN configuration that must be manually loaded by the victim. Users of affected older versions are urged to upgrade to mitigate potential risks associated with these vulnerabilities.
Affected Version(s)
Sophos Connect Client < 2.2.90
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved