MEDIUM
StormShield
CVE published 2026-06-01
CVE-2026-8474
A reflected cross-site scripting (XSS) vulnerability exists in the login API of Stormshield Network Security (SNS) appliances. Affected versions include 4.3.0 through 4.3.41, 4.8.0 through 4.8.15, and 5.0.0 through 5.0.5. An attacker can execute a script on a victim's machine via the login API, enabling theft of cookies or other sensitive data, modification of page behavior, and redirection to malicious w [truncated]