CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-4901

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.1%

CVSS Severity

CVSS v3 Score 3.3

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230301-scc-csrf

Products affected by CVE-2022-4901

Sophos » Connect » Version: Any

cpe:2.3:a:sophos:connect:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4901

Products

Pricing

Contact Us