PT-2024-24310 · Stormshield · Stormshield Network Security
Yann Cam +1 · Published 2024-07-15 · Updated 2024-10-30 · CVE-2024-31946
CVSS v3.1: 4.2 (Medium)
Vector: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Stormshield Network Security (SNS) versions 3.7.0 through 3.7.41
Stormshield Network Security (SNS) versions 3.10.0 through 3.11.29
Stormshield Network Security (SNS) versions 4.0 through 4.3.24
Stormshield Network Security (SNS) versions 4.4.0 through 4.7.4
Description
A user with write access to the email alerts page in Stormshield Network Security (SNS) can create an alert email containing malicious JavaScript. This malicious JavaScript is executed by the template preview.
Recommendations
For versions 3.7.0 through 3.7.41, update to version 3.7.42 to resolve the issue.
For versions 3.10.0 through 3.11.29, update to version 3.11.30 to resolve the issue.
For versions 4.0 through 4.3.24, update to version 4.3.25 to resolve the issue.
For versions 4.4.0 through 4.7.4, update to version 4.7.5 to resolve the issue.
Fix
XSS
Affected Products
Stormshield Network Security