PT-2025-2393 · Etic Telecom · Etic Telecom Remote Access Server

Published: 2025-01-17 · Updated: 2025-07-31 · CVE-2024-26157

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ETIC Telecom Remote Access Server (RAS) versions prior to 4.5.0
Description: The issue is a reflected cross-site scripting (XSS) vulnerability in the get view method, in the view parameter. The ETIC RAS web server uses dynamic pages that take their input from the client side and reflect that input in the response to the client.
Recommendations: For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the view parameter in the get view method to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-26157

Affected Products: Etic Telecom Remote Access Server