CVE-2023-41165

EUVD-2023-45683
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft.
Cross-site Scripting
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.8 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
EPSS Score percentile: 68%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| stormshield | stormshield_network_security | 3.7.0 ≤ x < 3.7.39 |
| stormshield | stormshield_network_security | 3.10.0 ≤ x < 3.11.27 |
| stormshield | stormshield_network_security | 4.0.0 ≤ x < 4.3.22 |
| stormshield | stormshield_network_security | 4.4.0 ≤ x < 4.6.9 |

x = Vulnerable software versions