Volerion logoVolerion
Volerion logoVolerion

Versa Director SD-WAN Orchestration Platform Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Versa Director SD-WAN orchestration platform. The issue arises because the platform allows users to customize the interface by modifying the header, footer, and logo. However, the input for these customizations is not adequately validated or sanitized, enabling malicious users to inject and store XSS payloads. This vulnerability affects several versions of the software, with the exception of certain releases in 2025.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts can be executed in the context of the user's browser.

Remediation

Users are advised to upgrade to Versa Director versions 22.1.4 (February 8, 2025, and later), 22.1.3 (June 10, 2025, and later), 22.1.2 (June 10, 2025, and later), or 21.2.3 (June 10, 2025, and later).

Added: Jun 19, 2025, 12:31 AM
Updated: Jun 19, 2025, 12:31 AM

Vulnerability Rating

Custom Algorithm
spread
0.8
impact
1.7
exploitability
4.6
remediation
7.7
relevance
0.2
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.