Key Vulnerability Information

Vulnerability name: SODOLA SL902-SWTGW124AS <= 200.1.20 Reflected XSS in Management Interface
Severity: MEDIUM
Date: 2023-02-27
CVE ID: CVE-2022-45194
CWE ID: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVSS v4 score: 4.3 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
References:
- SODOLA Product Webpage
Discovered by: Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.

Description: SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.