CVE-2021-25273: Cross-site Scripting in Sophos Unified Threat Management

Severity: 4.8 MEDIUM (NVD)
EPSS: 0.1% (top 66.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 29; latest update May 24

Description

Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | sophos/sophos_utm | unspecified | 9.705

Vulnerability Details (2)

GHSA
GHSA-4p5x-52qw-grgg: Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9 (2022-05-24)
CVEList
CVE-2021-25273: Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9 (2021-07-29)