CVE-2024-26154

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 \nare vulnerable to reflected cross site scripting in the appliance site \nname. The ETIC RAS web server saves the site name and then presents it \nto the administrators in a few different pages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-26154", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2025-01-17T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.5.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-30T17:13Z"}