CVE-2026-8474
Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
9th
A vulnerability was discovered on Stormshield Network Security * 4.3.0 to 4.3.41, * 4.8.0 to 4.8.15, * 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.
| CWE | CWE-79 |
| Vendor | stormshield |
| Product | stormshield network security |
| Published | Jun 1, 2026 |
| Last Updated | Jun 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for stormshield stormshield network security
Be the first to know when new medium vulnerabilities affecting stormshield stormshield network security are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
StormShield / StormShield Network Security
4.3.0 ≤ 4.3.41 4.8.0 ≤ 4.8.15 5.0.0 ≤ 5.0.5