Cyber Resilience

CVE-2024-47002

Severity: High · Public PoC

Published: 15 January 2025
Modified: 22 August 2025
KEV Added: not listed
Patch: not listed
CVSS Score v3.1: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
EPSS Score: 0.0963 (93.1st percentile)
Risk Priority: 23 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-47002 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Observium (vendor: Observium). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked in the top 6.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2024-47002 is an HTML code injection vulnerability, also described as cross-site scripting under CWE-79, that affects the VLAN management functionality in Observium Community Edition version 24.4.13528. A specially crafted HTTP request can inject arbitrary HTML code into the application.

An authenticated attacker can supply a malicious link that, when clicked by another authenticated user, executes the injected code. The CVSS 8.7 vector indicates the attack is remotely exploitable with low complexity and low privileges but requires user interaction, resulting in high impact to confidentiality and integrity with changed scope.

The vulnerability is detailed in the Talos Intelligence advisory TALOS-2024-2091. The associated EPSS score has remained flat at 0.0963 with no material increase since disclosure.

EU & UK References

Vulnerability details

An HTML code injection vulnerability exists in the VLAN management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary HTML code. An authenticated user would need to click a malicious link provided by the attacker.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1185 Browser Session Hijacking (Collection): Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user behaviors, and intercept information as part of various browser session hijacking techniques.

T1566.002 Spearphishing Link (Initial Access): Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

Why these techniques?

XSS directly enables browser session hijacking (T1185) via injected HTML execution and facilitates spearphishing link delivery (T1566.002) to trigger the payload in an authenticated context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-45061 · Same product: Observium Observium
CVE-2024-47140 · Same product: Observium Observium
CVE-2025-23547 · Shared CWE-79
CVE-2025-67978 · Shared CWE-79
CVE-2024-13919 · Shared CWE-79
CVE-2025-22498 · Shared CWE-79
CVE-2025-23904 · Shared CWE-79
CVE-2025-22754 · Shared CWE-79
CVE-2025-22682 · Shared CWE-79
CVE-2025-23593 · Shared CWE-79

Affected Assets

Vendor: observium
Product: observium
Version: 24.4.13528

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent · SI-10 Information Input Validation: Validates HTTP request inputs to the VLAN management interface, rejecting specially crafted payloads that inject arbitrary HTML code.

Prevent · SI-15 Information Output Filtering: Filters information outputs from the VLAN management component to prevent execution of injected HTML code in authenticated users' browsers.

Prevent: Requires identification, reporting, and correction of the specific HTML injection flaw in Observium CE 24.4.13528.

References