Description
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- SonicWall / Email Security10.0.34.8215 and earlier versions – 10.0.34.8215 and earlier versions
- SonicWall / Email Security10.0.34.8223 and earlier versions – 10.0.34.8223 and earlier versions