Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was discovered on Stormshield Network Security
- 4.3.0 to 4.3.41,
- 4.8.0 to 4.8.15,
- 5.0.0 to 5.0.5
It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.
AnalysisAI
Reflected cross-site scripting in the Stormshield Network Security (SNS) appliance login API allows network-accessible attackers to inject and execute arbitrary scripts in a victim's browser session. Affected versions span three distinct release branches: 4.3.0-4.3.41, 4.8.0-4.8.15, and 5.0.0-5.0.5. Successful exploitation can result in session cookie theft, sensitive data exfiltration, or redirection to attacker-controlled sites. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Technical ContextAI
The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-Site Scripting). Reflected XSS occurs when unsanitized user-supplied input from an HTTP request is immediately echoed back in the server's response without adequate encoding or escaping, causing the browser to interpret attacker-controlled content as executable script. The affected endpoint is the login API of the SNS web management interface, a network security appliance product by Stormshield. Because the attack surface is the authentication portal - a component that handles unauthenticated user input by design - the injection point is externally reachable without prior authentication. No CPE strings were provided in the input data; affected products are identified by vendor version ranges only.
RemediationAI
The primary remediation is to upgrade to a fixed firmware version as specified in the Stormshield advisory at https://advisories.stormshield.eu/2026-003/. Exact patched version numbers were not present in the provided data - consult the advisory directly to confirm the minimum safe version for each affected branch (4.3.x, 4.8.x, 5.0.x) before upgrading. As a compensating control where immediate patching is not possible, restrict network access to the SNS web management interface using firewall rules or management VLAN segmentation so that only trusted administrative hosts can reach the login API endpoint; this limits the pool of potential link-delivery targets. User awareness training to avoid clicking unsolicited links to the appliance login page provides a secondary reduction in reflected XSS risk. Note that access restriction to the management interface is a recommended baseline hardening step regardless of this vulnerability.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33586
GHSA-72g9-78vw-8w8h