CVE-2024-26157

Medium CVSS 6.1

Overview

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
are vulnerable to reflected cross site scripting (XSS) attacks in get
view method under view parameter. The ETIC RAS web server uses dynamic
pages that get their input from the client side and reflect the input in
their response to the client.

CWE: CWE-79 Published: 2025-01-17T17:15:11.697

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.1 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags