Improper Neutralization of Input During Web Page Generation (βCross-site Scriptingβ) in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall βadminβ user to store and execute arbitrary JavaScript code.
[
{
"defaultStatus": "unknown",
"platforms": [
"Gen7"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "7.0.1-5145 and earlier versions"
},
{
"status": "affected",
"version": "7.1.1-7047 and earlier versions"
}
]
}
]