Security Advisory

CVE-2022-4901

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-01 00:00:00

Last updated 2025-03-07 20:41:28

Assigner Sophos

State PUBLISHED

Description

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.

← Browse all CVEs View on cve.org ↗