EIP-2026-102019

PRE-CVE

Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102019. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: This exploit demonstrates a non-persistent XSS vulnerability in SonicWall SonicOS 6.5.4, where the 'Common Name' field in the Decryption Service module fails to sanitize user input, allowing script execution in the browser context.

Description

Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC
by Vulnerability-Lab · text · webapps · hardware
https://www.exploit-db.com/exploits/50485


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: SonicWall SonicOS 6.5.4
Auth required
Prerequisites: Low-privileged user account · Access to the Decryption Service module
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026