CVE-2024-26157

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 \nare vulnerable to reflected cross site scripting (XSS) attacks in get \nview method under view parameter. The ETIC RAS web server uses dynamic \npages that get their input from the client side and reflect the input in\n their response to the client."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-26157", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {}, "publishedDate": "2025-01-17T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.5.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-31T18:20Z"}