EUVD-2024-19953

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Improper neutralization in SonicOS SSLVPN portal allows attackers to execute JavaScript code.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-22397	14 Mar 202405:21	–	circl
CNNVD	SonicWALL SonicOS Cross-Site Scripting Vulnerability	14 Mar 202400:00	–	cnnvd
CVE	CVE-2024-22397	14 Mar 202403:23	–	cve
Cvelist	CVE-2024-22397	14 Mar 202403:23	–	cvelist
NVD	CVE-2024-22397	14 Mar 202404:15	–	nvd
Prion	Cross site scripting	14 Mar 202404:15	–	prion
SonicWall	SonicOS SSLVPN Portal Stored Cross-site Scripting Vulnerability	12 Mar 202423:18	–	sonicwall
Vulnrichment	CVE-2024-22397	14 Mar 202403:23	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "3fe271d1-ba7a-3c70-80e7-782680b0d981",
        "vendor": {
          "name": "SonicWall"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "7ee9d9fa-045f-34b9-9ddb-dc91ac43ec54",
        "product": {
          "name": "SonicOS"
        },
        "product_version": "7.0.1-5145 and earlier versions"
      },
      {
        "id": "8562a1cc-8ec9-33fd-bdde-327043455399",
        "product": {
          "name": "SonicOS"
        },
        "product_version": "7.1.1-7047 and earlier versions"
      },
      {
        "id": "877961a4-23c3-3c23-9ccc-91c76072dd4c",
        "product": {
          "name": "SonicOS"
        }
      }
    ]
  }
]

Source	Link
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005

03 Oct 2025 20:07Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.18.3

EPSS0.00233

SSVC