CVE-2021-36806: XSS
First published: Thu Nov 30 2023(Updated: )
A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4.
Credit: security-alert@sophos.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sophos Email Appliance | <4.5.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-36806.
What is the severity of CVE-2021-36806?
The severity of CVE-2021-36806 is medium with a CVSS score of 6.1.
What is the affected software for CVE-2021-36806?
The affected software for CVE-2021-36806 is Sophos Email Appliance older than version 4.5.3.4.
How can the vulnerability in CVE-2021-36806 be exploited?
The vulnerability in CVE-2021-36806 can be exploited by tricking the victim into clicking a malicious link to an error page on Sophos Email Appliance.
Is there a fix available for CVE-2021-36806?
Yes, a fix is available for CVE-2021-36806 in Sophos Email Appliance version 4.5.3.4 or later.
- collector/nvd-api
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- agent/type
- collector/mitre-cve
- source/MITRE
- vendor/sophos
- canonical/sophos email appliance