Stored XSS Vulnerabilities in Sophos Connect by Sophos
CVE-2022-4901

6.1MEDIUM

Key Information:

Vendor: Sophos
Status: Sophos Connect Client
Vendor: CVE Published:; 1 March 2023

Summary

Multiple stored XSS vulnerabilities in Sophos Connect allow for the execution of malicious JavaScript code in the local user interface. This occurs through a compromised VPN configuration that must be manually loaded by the victim. Users of affected older versions are urged to upgrade to mitigate potential risks associated with these vulnerabilities.

Affected Version(s)

Sophos Connect Client < 2.2.90

References

https://www.sophos.com/en-us/security-advisories/sophos-s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Feb 3, 2023