CVE-2023-41165Cross-site Scripting in Network Security

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.6%
top 31.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Stormshield Network Security
Timeline
PublishedFeb 29

Description

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vwgp-x2rf-chq4: An issue was discovered in Stormshield Network Security (SNS) 32024-02-29
CVEList
CVE-2023-41165: An issue was discovered in Stormshield Network Security (SNS) 32023-12-25

📋Vendor Advisories

1
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: UI (CKEditor) — CVE-2021-411652023-10-15
CVE-2023-41165 — Cross-site Scripting | cvebase