Self-XSS Vulnerability in Stormshield Network Security Web Server
CVE-2018-20850

8.2HIGH

Key Information:

Vendor: Stormshield
Status: Stormshield Network Security
Vendor: CVE Published:; 4 July 2019

🔔 Create Stormshield Vulnerability Alert

What is CVE-2018-20850?

A self-XSS vulnerability exists in the command line interface of the Stormshield Network Security web server. This issue affects versions 2.0.0 to 2.13.0 and 3.0.0 to 3.7.1, potentially allowing an attacker to execute scripts on a user's session. It underscores the importance of user input sanitization and awareness of command line interactions to maintain security.

References

https://advisories.stormshield.eu/2018-006/

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2019
Vulnerability Reserved
Jul 4, 2019

CVE-2018-20850 Data

JSON