CVE-2024-22397

2024-03-1404:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-22397

improper neutralization

input

web page generation

cross-site scripting

sonicos sslvpn

remote authenticated attacker

firewall admin user

arbitrary javascript code

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall ‘admin’ user to store and execute arbitrary JavaScript code.

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005