MEDIUM🇬🇧 English

CVE-2025-9289

CVSS 5.7v4.0pub. 2026-01-22upd. 2026-03-16

A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Tp Link Oc200

    HW
    Tp-Link
    12
  • Tp Link Oc200 Firmware

    OS
    Tp-Link
    < 2.22.9< 1.37.9
  • Tp Link Oc220

    HW
    Tp-Link
    1
  • Tp Link Oc220 Firmware

    OS
    Tp-Link
    < 1.2.9
  • Tp Link Oc300

    HW
    Tp-Link
    1.6
  • Tp Link Oc300 Firmware

    OS
    Tp-Link
    < 1.31.9
  • Tp Link Oc400

    HW
    Tp-Link
    1.6
  • Tp Link Oc400 Firmware

    OS
    Tp-Link
    < 1.9.9
  • Tp Link Omada Controller

    APP
    Tp-Link
    < 6.0.0.34< 6.0.0.100< 6.0.0.24
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-9520HIGH8.3ten sam produkt

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to ma...

CVE-2025-9522MEDIUM5.1ten sam produkt

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted ...

CVE-2025-9290MEDIUM6.0ten sam produkt

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device ...

CVE-2020-12475MEDIUM5.5ten sam produkt

TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link...

CVE-2025-9521LOW2.1ten sam produkt

Podatność Password Confirmation Bypass w kontrolerach Omada, umożliwiająca atakującemu posiadającemu ważny tok...