Observium CE Cross-Site Scripting Vulnerability in Alert Check Function

Vulnerability

A cross-site scripting vulnerability has been identified in Observium CE version 24.4.13528, specifically within the add_alert_check page. This vulnerability allows for the execution of arbitrary JavaScript code through a specially crafted HTTP request. To exploit this issue, an authenticated user must click on a malicious link provided by an attacker.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected JavaScript is executed in the context of the user.

Reproduction

To reproduce this vulnerability, an authenticated user must send a GET request to the add_alert_check page, including a crafted entity_type parameter that injects JavaScript code. The injected code will execute when the victim clicks the 'Add Checker' button.

Remediation

Users are advised to update to a version released after December 24, 2024, when the vendor patch was made available.
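For defenders reviewing web server logs for the request described under Reproduction, the following added example (not code from Observium or from this advisory) flags GET requests to add_alert_check whose entity_type value is not a plain identifier. The log format, the two URL layouts handled (query string and path-style `key=value` segments) and the allowlist pattern are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate entity types are plain identifiers such as "device".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Assumption: combined-log-style request field, e.g. "GET /path HTTP/1.1".
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def entity_type_values(target):
    """Return every URL-decoded entity_type value found in a request target."""
    parts = urlsplit(target)
    if "add_alert_check" not in parts.path:
        return []
    # Query-string form: /add_alert_check/?entity_type=device
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k == "entity_type"]
    # Path-segment form: /add_alert_check/entity_type=device/
    for segment in parts.path.split("/"):
        key, sep, value = segment.partition("=")
        if sep and key == "entity_type":
            values.append(unquote(value))
    return values

def suspicious_requests(log_lines):
    """Return (line_number, value) for each entity_type failing the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match or match.group("method") != "GET":
            continue
        for value in entity_type_values(match.group("target")):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample access-log lines (documentation addresses, harmless markers).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2025:19:40:01 +0000] "GET /add_alert_check/entity_type=device/ HTTP/1.1" 200 5120',
    '192.0.2.11 - - [09/Jun/2025:19:41:12 +0000] "GET /add_alert_check/?entity_type=port HTTP/1.1" 200 5098',
    '192.0.2.12 - - [09/Jun/2025:19:42:30 +0000] "GET /add_alert_check/entity_type=device%22%3E%3Cb%3Emarker/ HTTP/1.1" 200 5301',
    '192.0.2.13 - - [09/Jun/2025:19:43:05 +0000] "GET /add_alert_check/?entity_type=port%27%3Bmarker HTTP/1.1" 200 5277',
    '192.0.2.14 - - [09/Jun/2025:19:44:00 +0000] "GET /devices/ HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: entity_type={value!r}")
```

A hit shows only that a non-identifier value was requested; whether script ran depends on the installed version and on the victim clicking 'Add Checker'.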

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 1.7
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.