PT-2025-2392 · Etic Telecom · Etic Telecom Remote Access Server

Published: 2025-01-17 · Updated: 2025-01-17 · CVE-2024-26156

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: ETIC Telecom Remote Access Server (RAS) versions prior to 4.5.0
Description: The ETIC RAS web server is vulnerable to reflected cross-site scripting (XSS) in the method parameter. This occurs because the server uses dynamic pages that take their input from the client side and reflect that input in the response to the client.
Recommendations: For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the method parameter in the affected API endpoint until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-26156

Affected Products: Etic Telecom Remote Access Server