Medium severity6.1NVD Advisory· Published Feb 17, 2016· Updated May 6, 2026

CVE-2016-2046

Description

Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Sophos/Unified Threat Management Software
cpe:2.3:a:sophos:unified_threat_management_software:*:*:*:*:*:*:*:*
Range: <=9.351
Securepoint/UTMllm-fuzzy
Range: <9.353

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.htmlnvdExploitThird Party Advisory
seclists.org/fulldisclosure/2016/Feb/60nvdExploitThird Party Advisory
www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/nvdExploitThird Party Advisory
www.securitytracker.com/id/1035048nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000