A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Thu, 22 Jan 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality. | |
| Title | Cross-Site Scripting (XSS) on Omada Controllers | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-01-22T21:55:10.732Z
Reserved: 2025-08-20T22:24:18.301Z
Link: CVE-2025-9289
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-01-22T22:16:15.787
Modified: 2026-01-22T22:16:15.787
Link: CVE-2025-9289
Redhat
No data.
OpenCVE Enrichment
No data.