CVE-2024-52951
HIGH EPSS 62.7%
Published Nov 27, 20241y ago · Modified Jun 17, 20261w ago
8.0 CVSS 3.1
Published Nov 27, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
62.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
References 4
- seclists.org http://seclists.org/fulldisclosure/2024/Nov/19
- omadaidentity.com https://omadaidentity.com
- r.sec-consult.com https://r.sec-consult.com/omada
- sec-consult.com https://sec-consult.com/vulnerability-lab/advisory/stored-cross-site-scripting-in-omada-identity/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.