PT-2024-35498 · Omada · Omada Identity
Daniel Hirschberger · Published 2024-11-27 · Updated 2024-11-27
CVE-2024-52951
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Omada Identity versions prior to 15 update 1
Description:
The issue allows an authenticated attacker to execute arbitrary code in a victim's browser, either via a specially crafted link or when the victim views a manipulated Access Request History. The cause is a stored cross-site scripting (XSS) vulnerability in the Access Request History.
Recommendations:
For Omada Identity versions prior to 15 update 1, update to version 15 update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Access Request History feature until a patch is applied. Avoid using manipulated links or viewing suspicious Access Request History entries to minimize the risk of exploitation.
Fix
XSS
Affected Products
Omada Identity