CVE-2024-26156

Medium CVSS 4.8

Overview

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
are vulnerable to reflected cross site scripting (XSS) attacks in the
method parameter. The ETIC RAS web server uses dynamic pages that gets
their input from the client side and reflects the input in its response
to the client.

CWE: CWE-79 Published: 2025-01-17T17:15:11.533

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.8 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags