Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sophos XG Firewall SFOS Logging子系统跨站脚本漏洞
Vulnerability Description
Sophos XG Firewall是英国Sophos公司的一款防火墙设备。SFOS是运行在其中的一套操作系统。Logging subsystem是其中的一个日志子系统。 Sophos XG Firewall中的SFOS 17.0.3 MR3之前版本中的Logging子系统的webadmin界面的WAF日志页面存在跨站脚本漏洞。远程攻击者可利用该漏洞执行操作(例如:创建新用户、打开SSH或添加SSH授权的密钥)。
CVSS Information
N/A
Vulnerability Type
N/A