CVE-2024-47140

Name of the Vulnerable Software and Affected Versions: Observium CE version 24.4.13528

Description: A cross-site scripting (XSS) issue exists in the add alert check page, allowing an attacker to execute arbitrary JavaScript code through a specially crafted HTTP request. An authenticated user would need to click on a malicious link provided by the attacker to trigger the issue.

Recommendations: For Observium CE version 24.4.13528, as a temporary workaround, consider restricting access to the add alert check page until a patch is available. Avoid clicking on suspicious links from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.