CVE-2024-47140
Published: 15 January 2025
Summary
CVE-2024-47140 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Observium Observium. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2024-47140 is a cross-site scripting (XSS) vulnerability in the add_alert_check page of Observium Community Edition (CE) version 24.4.13528. The flaw allows a specially crafted HTTP request to trigger arbitrary JavaScript code execution, classified under CWE-79. It carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to its network accessibility, low attack complexity, and potential for significant confidentiality and integrity impacts with changed scope.
An attacker can exploit this vulnerability by tricking an authenticated user with low privileges into clicking a malicious link. User interaction is required, but once the link is followed, the injected JavaScript executes in the victim's browser context, potentially enabling session hijacking, data theft, or further compromise within the Observium application.
Mitigation details and additional technical analysis are available in the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2090. Security practitioners should consult this report for patch information and remediation guidance specific to affected Observium deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42869
Vulnerability details
A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the…
more
attacker.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS enables arbitrary JS execution in browser (T1059.007) via malicious link to public-facing app (T1190/T1204.001).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Patching the specific flaw in the add_alert_check page of Observium CE 24.4.13528 directly prevents exploitation of this XSS vulnerability.
Validating inputs from specially crafted HTTP requests prevents injection of arbitrary JavaScript code into the add_alert_check page.
Filtering and encoding information output on the add_alert_check page blocks execution of injected JavaScript in the victim's browser context.