CVE-2016-2046 (unified_threat_management_software)

Cross-site scripting (XSS) vulnerability in the Nessus Web UI in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Source: CVE-2016-2046 (unified_threat_management_software)