MEDIUM🇵🇱 Wersja polska

CVE-2025-9289

CVSS 5.7v4.0pub. 2026-01-22upd. 2026-03-16

A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.

CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Tp Link Oc200

    HW
    Tp-Link
    12
  • Tp Link Oc200 Firmware

    OS
    Tp-Link
    < 2.22.9< 1.37.9
  • Tp Link Oc220

    HW
    Tp-Link
    1
  • Tp Link Oc220 Firmware

    OS
    Tp-Link
    < 1.2.9
  • Tp Link Oc300

    HW
    Tp-Link
    1.6
  • Tp Link Oc300 Firmware

    OS
    Tp-Link
    < 1.31.9
  • Tp Link Oc400

    HW
    Tp-Link
    1.6
  • Tp Link Oc400 Firmware

    OS
    Tp-Link
    < 1.9.9
  • Tp Link Omada Controller

    APP
    Tp-Link
    < 6.0.0.34< 6.0.0.100< 6.0.0.24
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-9520HIGH8.3ten sam produkt

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to ma...

CVE-2025-9522MEDIUM5.1ten sam produkt

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted ...

CVE-2025-9290MEDIUM6.0ten sam produkt

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device ...

CVE-2020-12475MEDIUM5.5ten sam produkt

TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link...

CVE-2025-9521LOW2.1ten sam produkt

Podatność Password Confirmation Bypass w kontrolerach Omada, umożliwiająca atakującemu posiadającemu ważny tok...