CVE-2024-52951
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in Omada Identity allows authenticated attackers to inject malicious scripts into the Access Request History feature. When victims view the manipulated history or click specially crafted links, arbitrary code executes in their browsers. All organizations using Omada Identity before version 15 update 1 are affected.
💻 Affected Systems
- Omada Identity
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, perform session hijacking, redirect users to malicious sites, or deploy ransomware through browser-based attacks.
Likely Case
Attackers will steal session cookies and authentication tokens to gain unauthorized access to the identity management system, potentially compromising user accounts and permissions.
If Mitigated
With proper input validation and output encoding, the malicious scripts would be neutralized, preventing code execution while maintaining system functionality.
🎯 Exploit Status
Exploitation requires authenticated access; stored XSS payloads persist in the Access Request History.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Omada Identity version 15 update 1
Vendor Advisory: https://omadaidentity.com
Restart Required: Yes
Instructions:
1. Download Omada Identity version 15 update 1 from official vendor portal. 2. Backup current configuration and database. 3. Apply the update following vendor installation guide. 4. Restart Omada Identity services. 5. Verify successful update and functionality.
🔧 Temporary Workarounds
Input Validation Filter
allImplement server-side input validation to sanitize Access Request History entries
Configure web application firewall rules to block script tags in Access Request History parameters
Content Security Policy
allImplement strict CSP headers to prevent script execution from untrusted sources
Add 'Content-Security-Policy: script-src 'self'' to HTTP headers
🧯 If You Can't Patch
- Restrict access to Access Request History feature to administrators only
- Implement web application firewall with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check Omada Identity version in administration console; if version is earlier than 15 update 1, system is vulnerable.Check Version:
Check administration console → System Information → VersionVerify Fix Applied:
After patching, verify version shows 15 update 1 or later; test Access Request History with safe test payloads.📡 Detection & Monitoring
Log Indicators:
- Unusual Access Request History entries containing script tags or JavaScript code
- Multiple failed login attempts followed by Access Request History modifications
Network Indicators:
- HTTP requests with script payloads in Access Request History parameters
- Unexpected outbound connections from user browsers after viewing Access Request History
SIEM Query:
source="omada_logs" AND (message="*<script>*" OR message="*javascript:*") AND component="Access Request History"