This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote host is running a web application that is affected by a
cross-site scripting vulnerability.
The Sophos Web Protection application running on the remote host is
affected by a cross-site scripting (XSS) vulnerability in the
/end-user-/errdoc.php script due to improper sanitization of
user-supplied input passed to the 'msg' parameter. An unauthenticated,
remote attacker can exploit this, via a specially crafted request, to
execute arbitrary script code in a user's browser session.
Note that the application is reportedly affected by additional
vulnerabilities; however, this plugin has not tested for them.
See also :
Upgrade to Sophos Web Protection Appliance version 126.96.36.199 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true