Reflected cross site scripting (XSS) vulnerability exists in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
sophos web appliance 4.3.9.1