CVE-2020-5142
MEDIUM
SonicOS < 5.9.1.13, < 6.5.4.4 - Unauthenticated Stored Cross-Site Scripting in SSLVPN Web Interface
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-5142. PoCs published by hackerlawyer.
AI-analyzed exploit summary: The repository contains only a vague README with no technical details or exploit code, merely stating an XSS vulnerability without proof or analysis. It lacks any functional PoC, patch analysis, or HTTP request examples.
Description
A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
Exploits (1)
The repository contains only a vague README with no technical details or exploit code, merely stating an XSS vulnerability without proof or analysis. It lacks any functional PoC, patch analysis, or HTTP request examples.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N