Possible to run a Cross Site Scripting request on the...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

A vulnerability was discovered on Stormshield Network Security

* 4.3.0 to 4.3.41,
* 4.8.0 to 4.8.15,
* 5.0.0 to 5.0.5

It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.

Basic Information

ID CVE-2026-8474

Source airbus

Published Jun 1, 2026 at 07:47

Modified Jun 1, 2026 at 07:50

Affected Product

Vendor StormShield

Product StormShield Network Security

Version 4.3.0

Affected Versions StormShield StormShield Network Security 4.3.0
StormShield StormShield Network Security 4.8.0
StormShield StormShield Network Security 5.0.0

CWE Classification

CWE-79

References

advisories.stormshield.eu /2026-003/

{
    "lastseen": "",
    "description": "A vulnerability was discovered on Stormshield Network Security\u00a0\n\n\n\n\n\n  *  4.3.0 to 4.3.41,\u00a0\n  *  4.8.0 to 4.8.15,\u00a0\n  *  5.0.0 to 5.0.5\n\n\n\n\n\n\n\n\nIt is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.",
    "published": "2026-06-01T07:47:54.875Z",
    "modified": "2026-06-01T07:50:04.199Z",
    "type": "cve",
    "title": "Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.",
    "source": "airbus",
    "references": "https://advisories.stormshield.eu/2026-003/",
    "id": "CVE-2026-8474",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "StormShield StormShield Network Security 4.3.0\nStormShield StormShield Network Security 4.8.0\nStormShield StormShield Network Security 5.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "StormShield Network Security",
    "version": "4.3.0",
    "vendor": "StormShield",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances._CVE-2026-8474