CVE-2018-5280 — Cross-site Scripting in Sonicos

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 46.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 8

Latest updateMay 14

Description

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶NVDsonicwall/sonicos5 versions+4

GHSA

GHSA-8x78-9962-6w9r: SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens↗2022-05-14

▶

CVEList

CVE-2018-5280: SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens↗2018-01-08

▶