CVE-2016-2046

Name of the Vulnerable Software and Affected Versions SOPHOS UTM versions prior to 9.353

Description A cross-site scripting (XSS) issue exists in the UserPortal page, allowing remote attackers to inject arbitrary web script or HTML via the lang parameter. This enables attackers to potentially execute malicious scripts on the client-side.

Recommendations For versions prior to 9.353, update to version 9.353 or later to resolve the issue. As a temporary workaround, consider restricting access to the UserPortal page or avoiding the use of the lang parameter until the update is applied.