PT-2024-36546 · Oring · Oring Iap-420
A. Falb
+11
·
Published
2024-12-10
·
Updated
2025-10-31
·
CVE-2024-55546
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
ORing IAP-420 versions 2.01e and below
Description
The issue is related to a lack of input validation in the web interface of the ORing IAP-420, which allows for stored Cross-Site Scripting (XSS). This means that an attacker can inject malicious scripts into the web interface, which can then be executed by other users, potentially leading to unauthorized access or other malicious activities.
Recommendations
For versions 2.01e and below, update to a version that includes input validation for the web interface to prevent stored Cross-Site Scripting (XSS).
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oring Iap-420