Cyber Resilience

CVE-2024-47140

Severity: High · Public PoC

Published: 15 January 2025
Modified: 22 August 2025
KEV Added: not listed
Patch:
CVSS Score (v3.1): 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
EPSS Score: 0.0070 (72.5th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-47140 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Observium Observium. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 27.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2024-47140 is a cross-site scripting (XSS) vulnerability in the add_alert_check page of Observium Community Edition (CE) version 24.4.13528. The flaw allows a specially crafted HTTP request to trigger arbitrary JavaScript code execution, classified under CWE-79. It carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to its network accessibility, low attack complexity, and potential for significant confidentiality and integrity impacts with changed scope.

An attacker can exploit this vulnerability by tricking an authenticated user with low privileges into clicking a malicious link. User interaction is required, but once the link is followed, the injected JavaScript executes in the victim's browser context, potentially enabling session hijacking, data theft, or further compromise within the Observium application.

Mitigation details and additional technical analysis are available in the Cisco Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2090. Security practitioners should consult this report for patch information and remediation guidance specific to affected Observium deployments.

EU & UK References

Vulnerability details

A cross-site scripting (XSS) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious link provided by the attacker.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.007 JavaScript (Execution): Adversaries may abuse various implementations of JavaScript for execution.
- T1204.001 Malicious Link (User Execution): An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

The XSS flaw enables arbitrary JavaScript execution in the victim's browser (T1059.007), delivered through a malicious link to the public-facing Observium application (T1190, T1204.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2024-45061: same product (Observium Observium)
- CVE-2024-47002: same product (Observium Observium)
- CVE-2025-68891: shared CWE-79
- CVE-2025-69054: shared CWE-79
- CVE-2025-22714: shared CWE-79
- CVE-2025-23473: shared CWE-79
- CVE-2024-13668: shared CWE-79
- CVE-2025-25118: shared CWE-79
- CVE-2025-67918: shared CWE-79
- CVE-2025-53222: shared CWE-79

Affected Assets

Vendor: observium
Product: observium
Version: 24.4.13528

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- Prevent: Patching the specific flaw in the add_alert_check page of Observium CE 24.4.13528 directly prevents exploitation of this XSS vulnerability.
- Prevent (SI-10 Information Input Validation): Validating inputs from specially crafted HTTP requests prevents injection of arbitrary JavaScript code into the add_alert_check page.
- Prevent (SI-15 Information Output Filtering): Filtering and encoding information output on the add_alert_check page blocks execution of injected JavaScript in the victim's browser context.

References