CVE-2024-22397: Cross-site Scripting in SonicOS

Severity
8.3 HIGH (NVD)
EPSS
0.2%
top 53.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 14

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Exploitability: 1.7 | Impact: 6.0

Affected Packages (1 package)

CVEListV5: sonicwall/sonicos, 7.0.1-5145 and earlier versions, 7.1.1-7047 and earlier versions, +1

Vulnerability Details (2)

GHSA
GHSA-x7hw-jwrw-qw78: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attack
2024-03-14
CVEList
CVE-2024-22397: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attack
2024-03-14