SonicOS SSLVPN Portal Stored Cross-site Scripting Vulnerability

SonicWall Security Advisory

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall ‘admin’ user to store and execute arbitrary JavaScript code.

This vulnerability affects only SonicOS Gen7 firmware 7.0.1-5145, 7.1.1-7047 and earlier versions.
CVE: CVE-2024-22397
Last updated: March 12, 2024, 11:18 p.m.