JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface

2.4 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Description

Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS).

Basic Information

ID CVE-2025-52687

Source CSA

Published Jul 16, 2025 at 06:15

Modified Jul 16, 2025 at 14:41

Affected Product

Vendor Alcatel-Lucent

Product OmniAccess Stellar

Version AP1100 AWOS versions 5.0.2 GA and earlier

Affected Versions Alcatel-Lucent OmniAccess Stellar AP1100 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar AP1200 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar AP1300 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar AP1400 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar AP1500 AWOS versions 5.0.2 GA and earlier

CWE Classification

CWE-77

References

{
    "lastseen": "",
    "description": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS).",
    "published": "2025-07-16T06:15:05.328Z",
    "modified": "2025-07-16T14:41:09.909Z",
    "type": "cve",
    "title": "JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
    "source": "CSA",
    "references": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/\nhttps://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf",
    "id": "CVE-2025-52687",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Alcatel-Lucent OmniAccess Stellar AP1100 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar AP1200 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar AP1300 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar AP1400 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar AP1500 AWOS versions 5.0.2 GA and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 2.4,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OmniAccess Stellar",
    "version": "AP1100 AWOS versions 5.0.2 GA and earlier",
    "vendor": "Alcatel-Lucent",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface_CVE-2025-52687