CVE-2023-41165

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft.
Cross-site Scripting
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 4.8 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
mitre | CNA | --- | ---
CISA-ADP | ADP | --- | ---
CVE | ADP | --- | ---
EPSS Score
Percentile: 67%
Vendor | Product | Version
stormshield | stormshield_network_security | 3.7.0 ≤ 𝑥 < 3.7.39
stormshield | stormshield_network_security | 3.10.0 ≤ 𝑥 < 3.11.27
stormshield | stormshield_network_security | 4.0.0 ≤ 𝑥 < 4.3.22
stormshield | stormshield_network_security | 4.4.0 ≤ 𝑥 < 4.6.9
𝑥 = Vulnerable software versions