CVE-2026-27756 MEDIUM

CVE-2026-27756: SODOLA SL902-SWTGW124AS <= 200.1.20 Reflected XSS in Management Interface

Vendor Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
Product SODOLA SL902-SWTGW124AS
Weakness CWE-79 · XSS
Published February 27, 2026
Last update March 2, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft malicious URLs that execute arbitrary JavaScript in the web interface when visited by authenticated users.

Key dates

02Disclosure timeline

February 27, 2026 CVE published
March 2, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-0476 Blood Bank & Donor Management request-received-bydonar.php cross site scripting CVE-2025-47570 WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability CVE-2024-43986 WordPress E-cab taxi booking manager plugin <=1.0.9 - Cross Site Scripting (XSS) vulnerability CVE-2022-46817 WordPress Flyzoo Chat Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) CVE-2026-5231 WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter