http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.2.html

99016

According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.2. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability in the FTP redirect page (ftp_redirect.php) due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

CVE-2017-9523

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins