CVE-2024-47002

{"id": "CVE-2024-47002", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-01-15T15:15:11.963", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2091", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2091", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo HTML en la parte de administraci\u00f3n de VLAN de Observium CE 24.4.13528. Una solicitud HTTP manipulada especialmente puede generar un c\u00f3digo HTML arbitrario. Un usuario autenticado tendr\u00eda que hacer clic en un enlace malicioso proporcionado por el atacante."}], "lastModified": "2025-08-22T16:22:31.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:observium:observium:24.4.13528:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "95117B86-A048-44B0-A349-F891B304A09E"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}