CVE-2022-4901

CVSS V2 None CVSS V3 None
Description
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
Overview
  • CVE ID
  • CVE-2022-4901
  • Assigner
  • security-alert@sophos.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-01T19:15:25
  • Last Modified Date
  • 2023-03-09T01:06:23
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:sophos:connect:*:*:*:*:*:*:*:* 1 OR 2.2.90
References
History
Created Old Value New Value Data Type Notes
2023-04-17 05:49:40 Added to TrackCVE
2023-04-17 05:49:42 Weakness Enumeration new