CVE-2024-26154 MEDIUM

CVE-2024-26154: ETIC Telecom Remote Access Server (RAS) Cross-site Scripting

Vendor Etic Telecom

Product Remote Access Server (RAS)

Weakness CWE-79 · XSS

Published January 17, 2025

Last update January 21, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages.

Key dates

02Disclosure timeline

January 17, 2025 CVE published

January 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-26154 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-49740 WordPress Seraphinite Accelerator Plugin <= 2.20.28 is vulnerable to Cross Site Scripting (XSS) CVE-2021-24239 Pie Register < 3.7.0.1 - Reflected Cross-Site Scripting (XSS) CVE-2022-1046 Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting CVE-2026-3402 PHPGurukul Student Record Management System edit-course.php cross site scripting CVE-2026-3878 WP Docs <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]'