Email Security
Sign in to watchby SonicWall
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3468 | Med | 0.31 | 4.8 | 0.00 | Mar 31, 2026 | A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code. | |
| CVE-2026-3470 | Low | 0.25 | 3.8 | 0.00 | Mar 31, 2026 | A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database. | |
| CVE-2026-3469 | Low | 0.18 | 2.7 | 0.00 | Mar 31, 2026 | A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive. | |
| CVE-2008-2162 | 0.03 | — | 0.00 | May 12, 2008 | Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page. |