_________________________________________ Security Advisory _________________________________________ _________________________________________ Severity: Medium Title: SonicWALL SSL-VPN 200 Cross-Site Scripting Vulnerability Date: 13.09.2006 / Update: 03.07.2007 Author: Nikolas Sotiriu (nsotiriu (at) sotiriu (dot) de) Vendor: SonicWALL (http://www.sonicwall.com) Affected Products: SonicWALL SSL-VPN 200 1.5.0.x (maybe older) Not Affected Products: SonicWALL SSL-VPN 200 >= 2.0.0.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Description: ------------ The "err" variable of the Login Page is not correctly checked for Analysis: --------- Phishing of Username and Password could be possible Vendor Response: ---------------- Version 2.0.0.1 Release Notes: 46043: Symptom: It is possible to embed