Observium HTML Code Injection Vulnerability in VLAN Management

Vulnerability

An HTML code injection vulnerability has been identified in the VLAN management section of Observium Community Edition (CE) version 24.4.13528. The 'vlan_id' parameter of the VLAN page is reflected into the response without adequate output encoding, so an attacker who gets an authenticated user to open a specially crafted link can inject arbitrary HTML into the page that user sees.

Impact

Because the injected markup is rendered by the victim's browser, the issue amounts to reflected cross-site scripting: attacker-controlled content is executed in the context of the authenticated user's Observium session.

Reproduction

To reproduce, send an authenticated GET request to the VLAN management page with a crafted 'vlan_id' parameter that carries the HTML payload. The response reflects the injected HTML unmodified, confirming the issue. A safe way to confirm the behaviour is to use a unique, non-executing marker tag as the payload and check whether the response returns it raw or HTML-encoded.
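The following script is an added example written for this page; it is not code from the advisory or from Observium. It implements the marker-tag check just described: a random canary tag is placed in 'vlan_id', and the response is classified as reflecting it raw (injection), HTML-encoded (output encoding in place), or not at all. The URL of the VLAN page and the session cookie are assumptions the tester must supply, and render_vlan_page is a constructed stand-in for the real template, used only so the three outcomes can be observed offline.

```python
"""Canary-based reflection check for a GET parameter (added example, not Observium code)."""
import html
import secrets
import sys
import urllib.parse
import urllib.request

PARAM = "vlan_id"  # parameter named in the advisory


def make_canary() -> str:
    """Build a unique, non-executing HTML tag; the random token keeps it from colliding
    with legitimate page content, and an unknown tag renders nothing if it does reflect."""
    return f"<ci-{secrets.token_hex(4)}>"


def classify_reflection(body: str, canary: str) -> str:
    """'raw' if the canary appears unencoded (HTML injection), 'escaped' if only an
    HTML-entity-encoded copy appears (output encoding in place), 'none' otherwise."""
    if canary in body:
        return "raw"
    if html.escape(canary, quote=True) in body:
        return "escaped"
    return "none"


def build_probe_url(base_url: str, param: str, value: str) -> str:
    """Insert or replace `param` in the query string, URL-encoding the value so the
    canary survives transport and the server sees exactly the characters sent."""
    parts = urllib.parse.urlsplit(base_url)
    pairs = [(k, v) for k, v in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
             if k != param]
    pairs.append((param, value))
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(pairs)))


def render_vlan_page(vlan_id: str, escape_output: bool) -> str:
    """Constructed stand-in for the VLAN page (not Observium's template): the vulnerable
    variant echoes the parameter as-is, the fixed variant HTML-encodes it first."""
    shown = html.escape(vlan_id, quote=True) if escape_output else vlan_id
    return f"<html><body><h1>VLAN {shown}</h1></body></html>"


def offline_demo() -> dict:
    """Run the classifier over both constructed page variants and over a page that never
    echoes the parameter, so all three outcomes can be seen without a live target."""
    canary = make_canary()
    return {
        "vulnerable": classify_reflection(render_vlan_page(canary, escape_output=False), canary),
        "fixed": classify_reflection(render_vlan_page(canary, escape_output=True), canary),
        "unrelated": classify_reflection(render_vlan_page("7", escape_output=True), canary),
    }


def probe_live(vlan_page_url: str, session_cookie: str, timeout: float = 10.0) -> str:
    """One authenticated GET with the canary in vlan_id, classified the same way.
    vlan_page_url and session_cookie are supplied by the tester (assumed, not taken from
    the advisory). Run only against systems you are authorised to test."""
    canary = make_canary()
    req = urllib.request.Request(build_probe_url(vlan_page_url, PARAM, canary),
                                 headers={"Cookie": session_cookie})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    return classify_reflection(body, canary)


if __name__ == "__main__":
    print(offline_demo())  # expected: {'vulnerable': 'raw', 'fixed': 'escaped', 'unrelated': 'none'}
    if len(sys.argv) == 3:
        print("live:", probe_live(sys.argv[1], sys.argv[2]))
```

Run it with no arguments for the offline demonstration, or pass the VLAN page URL and a valid session cookie to probe a deployment you are authorised to test. A 'raw' result shows the parameter is reflected without encoding; a browser-rendered payload is only needed if you want to go on to demonstrate script execution, and the canary approach deliberately stops short of that.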

Remediation

Users are advised to upgrade to the latest release of Observium CE, in which the vendor has fixed the vulnerability. After upgrading, repeat the reproduction step and confirm that the 'vlan_id' value now comes back HTML-encoded rather than reflected verbatim.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 1.7
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 6.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.