Skip to main content

Ocs Inventory Ng Server

1 CVEs product

Monthly

CVE-2026-22675 MEDIUM PATCH This Month

Stored cross-site scripting in OCS Inventory NG Server 2.12.3 and prior allows unauthenticated attackers to inject malicious JavaScript via User-Agent HTTP headers to the /ocsinventory endpoint, which is then stored and executed in the browsers of authenticated users viewing the statistics dashboard. The vulnerability requires user interaction (dashboard access) but affects all instances accepting agent registrations without input validation, creating a persistent attack surface for multi-user deployments.

XSS Ocs Inventory Ng Server
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Stored cross-site scripting in OCS Inventory NG Server 2.12.3 and prior allows unauthenticated attackers to inject malicious JavaScript via User-Agent HTTP headers to the /ocsinventory endpoint, which is then stored and executed in the browsers of authenticated users viewing the statistics dashboard. The vulnerability requires user interaction (dashboard access) but affects all instances accepting agent registrations without input validation, creating a persistent attack surface for multi-user deployments.

XSS Ocs Inventory Ng Server
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy