CVE-2026-8474 – Possible to run a Cross Site Scripting request on the login API available on Stormshield SNS appliances.

CVE ID :CVE-2026-8474

Published : June 1, 2026, 9:16 a.m. | 1 hour, 16 minutes ago

Description :A vulnerability was discovered on Stormshield Network Security 

* 4.3.0 to 4.3.41, 
* 4.8.0 to 4.8.15, 
* 5.0.0 to 5.0.5

It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim’s machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-49328 – Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

CVE-2026-25600 – Credential Exposure Vulnerability in Trac PDBM

CVE-2026-25599 – Missing authentication and clear‑text data transmission affecting Orca heat pumps

CVE-2026-10250 – itsourcecode Online Blood Bank Management System campsdetails.php sql injection