CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33336
https://notcve.org/view.php?id=CVE-2023-33336
30 Jun 2023 — Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. • https://inf0seq.github.io/cve/2023/04/30/Cross-site-scripting-%28XSS%29-in-Sophos-Web-Appliance-4.1.1-0.9.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 95%CPEs: 1EXPL: 7CVE-2023-1671 – Sophos Web Appliance Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-1671
04 Apr 2023 — A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Sophos Web Appliance version 4.3.10.4 suffers from a pre-authentication command injection vulnerability. Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. • https://packetstorm.news/files/id/172016 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36692
https://notcve.org/view.php?id=CVE-2020-36692
04 Apr 2023 — A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4934
https://notcve.org/view.php?id=CVE-2022-4934
04 Apr 2023 — A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •