CVE-2024-26154

Medium CVSS 4.8

Overview

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
are vulnerable to reflected cross site scripting in the appliance site
name. The ETIC RAS web server saves the site name and then presents it
to the administrators in a few different pages.

CWE: CWE-79 Published: 2025-01-17T17:15:11.147

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.8 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags