Uniguest Tripleplay Unauthenticated Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Uniguest Tripleplay versions prior to 24.2.1. This vulnerability allows remote attackers to execute arbitrary scripts by injecting malicious input into the page parameter. The issue arises from inadequate input sanitization and output encoding, enabling the execution of JavaScript in the context of the victim's browser.

Impact

Exploitation of this vulnerability allows for unauthenticated reflected cross-site scripting, where an attacker can execute arbitrary scripts in the context of the victim's browser, potentially compromising user data and session integrity.
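
The following is an added example, not code from Uniguest or from this advisory. It scans web access logs for requests whose page parameter carries HTML or script markup after percent-decoding, including double-encoded input. The log lines and the request path /example/index.php are constructed placeholders, since the advisory does not name the affected endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines. The path /example/index.php is a
# placeholder (assumption); the advisory does not name the affected endpoint.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /example/index.php?page=home HTTP/1.1" 200 5120
198.51.100.9 - - [09/Jun/2025:19:41:13 +0000] "GET /example/index.php?page=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301
203.0.113.4 - - [09/Jun/2025:19:42:57 +0000] "GET /example/index.php?page=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5290
203.0.113.8 - - [09/Jun/2025:19:43:20 +0000] "GET /example/index.php?id=7&page=settings%2Fnetwork HTTP/1.1" 200 4988
"""

# Client address and request target from a common/combined format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters and tokens that a page name should not contain but that are
# needed to break out of HTML text or attribute context.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_page_requests(log_text, param="page"):
    """Return (client_ip, decoded_value) for requests whose `param` carries markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        query = urlsplit(target).query
        # parse_qs performs the first round of percent-decoding.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                hits.append((client, decoded))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_page_requests(SAMPLE_LOG):
        print(f"{client}\t{value!r}")
```

A hit shows that markup was sent in the parameter, not that it executed in a browser; payloads delivered in a POST body do not appear in standard access logs.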

Remediation

Users are advised to upgrade to Tripleplay versions 24.2.1 or 24.1.2. All remediation options require package installation by a trained Uniguest Support Engineer or Technical Services Engineer. Please contact your technical account representative or email support@tripleplay.tv to arrange an upgrade.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 1.7
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.