Javascript XSS in disclaimer

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2023-020	CVE-2023-41165	05/10/2023	low	v1

Vulnerability details

A user who has write access to the SNS has the ability to insert a login disclaimer containing malicious JavaScript.

Impacted products

Products	Severity	Detail
Stormshield Network Security	low	SNS is impacted

Revisions

Version	Date	Description
v1	07/28/2023	Initial release
v2	10/24/2023	Public release

Stormshield Network Security

CVSS v3.1 Overall Score: 1.8

Analysis	Impacted version
The login page of the SNS administration can interpret JavaScript code. A user with write access to the SNS can include a disclaimer containing malicious JavaScript.	SNS 3.7.0 to 3.7.38 SNS 3.10.0 to 3.11.26 SNS 4.0 to 4.3.21 SNS 4.4.0 to 4.6.8

Workaround solution

Solution

If there is no login disclaimer configured, the SNS remains unaffected. However, if a disclaimer is configured, make sure it does not contain any JavaScript code.

The following versions fix this vulnerability

3.7.39
3.11.27
4.3.22
4.6.9

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope	Confidentiality Impact	Integrity Impact	Availability impact
Local	Low	High	Required	Unchanged	Low	None	None

CVSS Base score: 2	CVSS Vector: (AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N)

Exploit Code Maturity	Remediation Level	Report Confidence
Proof of concept code	Official fix	Confirmed

CVSS Temporal score: 1.8	CVSS Vector: (AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C)

Confidentiality Requirement (CR)	Integrity Requirement (IR)	Availability Requirement (AR)
Medium	Low	Low

CVSS Environmental score: 1.8	CVSS Vector: (AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C/CR:M/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)