CVE-2025-9289
Cross-Site Scripting (XSS) on Omada Controllers
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Productos afectados
TP-Link Systems Inc. · Omada cloud controllerTP-Link Systems Inc. · Omada OC200, OC220, OC300, OC400TP-Link Systems Inc. · Omada Software Controller¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →