PT-2025-2755 · Unknown · Observium CE

Researchers: Icewall (+2)

Published: 2025-01-15 · Updated: 2025-01-15

CVE-2024-47002

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Observium CE version 24.4.13528

Description: An HTML code injection vulnerability exists in the VLAN management part of Observium CE. The issue can be exploited by an attacker sending a specially crafted HTTP request, potentially leading to the execution of arbitrary HTML code in the victim's browser. For a successful attack, an authenticated user would need to click on a malicious link provided by the attacker.

Recommendations: For Observium CE version 24.4.13528, consider disabling the VLAN management feature until a patch is available, to prevent potential HTML code injection attacks. Restrict access to the VLAN management module to minimize the risk of exploitation, and avoid using the VLAN management feature in Observium CE until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: XSS


Weakness Enumeration

Related Identifiers: CVE-2024-47002

Affected Products: Observium CE