CVE-2022-3709 (xg_firewall_firmware)

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall older than version 19.5 GA.

Source