CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33336
https://notcve.org/view.php?id=CVE-2023-33336
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. • https://inf0seq.github.io/cve/2023/04/30/Cross-site-scripting-%28XSS%29-in-Sophos-Web-Appliance-4.1.1-0.9.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36692
https://notcve.org/view.php?id=CVE-2020-36692
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4934
https://notcve.org/view.php?id=CVE-2022-4934
A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 96%CPEs: 1EXPL: 5CVE-2023-1671 – Sophos Web Appliance Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-1671
A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Sophos Web Appliance version 4.3.10.4 suffers from a pre-authentication command injection vulnerability. Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. • https://www.exploit-db.com/exploits/51396 https://github.com/W01fh4cker/CVE-2023-1671-POC https://github.com/ohnonoyesyes/CVE-2023-1671 https://github.com/behnamvanda/CVE-2023-1671 http://packetstormsecurity.com/files/172016/Sophos-Web-Appliance-4.3.10.4-Command-Injection.html https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9523
https://notcve.org/view.php?id=CVE-2017-9523
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. El producto Sophos Web Appliance versiones anteriores a 4.3.2, presenta un problema de tipo XSS en la página de redireccionamiento FTP, también se conoce como NSWA-1342. • http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html http://www.securityfocus.com/bid/99016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •