exploitDog

CVE-2022-4901

Опубликовано: 01 мар. 2023

Источник: nvd

CVSS3: 3.3

CVSS3: 6.1

EPSS Низкий

Описание

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

Ссылки

https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf
Vendor Advisory
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sophos:connect:*:*:*:*:*:*:*:*

Версия до 2.2.90 (исключая)

EPSS

Процентиль: 41%

0.00187

Низкий

3.3 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-cq42-2gfv-949c

CVSS3: 6.1

github

почти 3 года назад

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

EPSS

Процентиль: 41%

0.00187

Низкий

3.3 Low

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79