CVE-2024-22397

2024-03-1404:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-22397

cross-site scripting

sonicos

sslvpn

remote authentication

firewall admin user

7.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall ‘admin’ user to store and execute arbitrary JavaScript code.

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005