Back to search
CVE-2024-22397
Published: Mar 14, 2024
Modified: Mar 27, 2025
PUBLISHED
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.
| Vendor | Product | Versions |
|---|---|---|
SonicWall | SonicOS | affected 7.0.1-5145 and earlier versionsaffected 7.1.1-7047 and earlier versions |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now