CVE-2020-11711

Read Time:45 Second

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim’s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.

DOGE Worker’s Code Supports NLRB Whistleblower

Regulating AI Behavior with a Hypervisor

Verizon’s DBIR Reveals 34% Jump in Vulnerability Exploitation

FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors

US Data Breach Victim Count Surges 26% Annually

M&S Grapples with Cyber Incident Affecting In-Store Services

Dutch Warn of “Whole of Society” Russian Cyber-Threat

UK Romance Scams Spike 20% as Online Dating Grows

USN-7454-1: libarchive vulnerabilities

USN-7453-1: Linux kernel (Real-time) vulnerabilities

USN-7452-1: Linux kernel vulnerabilities

USN-7451-1: Linux kernel vulnerabilities

USN-7450-1: Linux kernel vulnerabilities

USN-7449-1: Linux kernel vulnerabilities