Security Advisory

CVE-2020-36692

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-04-04 00:00:00

Last updated 2025-02-11 14:27:36

Assigner Sophos

State PUBLISHED

Description

A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.

← Browse all CVEs View on cve.org ↗