6.1
CVSSv3

CVE-2022-4901

Published: 01/03/2023 | Updated: 09/03/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

Vulnerable Product

sophos connect

Github Repositories

Placing MSI for scripting

#Script written by Tech Eagles (Bristol, TN | Panama City, FL) Version: 15
#Author: Shaun Copas
#Purpose: To upgrade Sophos Connect clients to version 22901104 (v22 MR1) per Sophos suggestion. Older clients contain known vulnerabilities
#For OS: Windows x64 and x86
#Known vulnerabilities in older clients: CVE-2022-48309, CVE-2022-48310, CVE-2022-4901
#Sophos Connect Upgrad