- Description
- All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 4.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 4.8
- Impact score
- 2.7
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- ics-cert@hq.dhs.gov
- CWE-79
- Hype score
- Not currently trending
CVE-2024-26156 All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The E… https://t.co/1ddxVZCSX3
@CVEnew
17 Jan 2025
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-26156 | ETIC Telecom Remote Access Server RAS up to 4.5.0 method cross site scripting (icsa-22-307-01)) has been published on https://t.co/pNnhiBd9C4
@WolfgangSesin
17 Jan 2025
14 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-26156 | ETIC Telecom Remote Access Server RAS up to 4.5.0 method cross site scripting (icsa-22-307-01)) has been published on https://t.co/YxOTKO0WKe
@WolfgangSesin
17 Jan 2025
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-26156 Reflected XSS Vulnerability in ETIC Telecom RAS Pre-4.5.0 Versions https://t.co/lRhqZ1zKVz
@VulmonFeeds
17 Jan 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes