Description
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitation and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.
Published: 2026-04-06
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting leading to JavaScript execution in browsers of authenticated users
Action: Immediate Patch
AI Analysis

Impact

OCS Inventory NG Server versions 2.12.3 and earlier allow a malicious User‑Agent HTTP header to be stored without sanitization and later displayed in the web console. When an authenticated user visits the statistics dashboard, the unsanitized header is rendered, enabling the attacker to execute arbitrary JavaScript in the victim’s browser. This can lead to cookie theft, session hijacking, or other client‑side attacks. The weakness is a stored cross‑site scripting flaw (CWE‑79).

Affected Systems

The vulnerability affects the OCS Inventory NG Server product from OCS Inventory. Any installations running version 2.12.3 or earlier are susceptible; newer releases have the fix applied.

Risk and Exploitability

The CVSS base score of 5.1 indicates medium severity. The EPSS score is below 1%, suggesting a low probability of exploitation, and the flaw is not listed in CISA’s KEV catalog. Attackers can submit malicious User‑Agent headers without authentication, but the injected script only runs when an authenticated user views the dashboard. The risk is moderate, but the potential for credential compromise makes prompt remediation important.

Generated by OpenCVE AI on April 9, 2026 at 18:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OCS Inventory NG Server to the latest available version that includes the User‑Agent sanitization fix (for example, 2.12.4 or later).
  • Verify that the web console no longer renders User‑Agent values and that input validation or output encoding is in place.
  • Review the database for any stored malicious User‑Agent strings and delete them if present.
  • Implement logging or monitoring to detect unexpected User‑Agent headers.
  • Consider applying an access control or web‑app firewall rule to block or sanitize User‑Agent headers until a patch is applied.
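As an added example (not part of this record or of the vendor's code), the following Python script puts the monitoring and output-encoding recommendations into practice: it scans reverse-proxy access logs for requests to the /ocsinventory endpoint whose User-Agent contains HTML metacharacters or does not look like an OCS agent, and shows the HTML encoding the console should apply before displaying a stored User-Agent. The sample log lines and the "OCS-NG_" prefix check are constructed assumptions, not values from the advisory.

```python
import html
import re

# Constructed sample lines in Apache/Nginx combined log format from a reverse proxy
# assumed to sit in front of the OCS communication server. Not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Apr/2026:10:01:02 +0000] "POST /ocsinventory HTTP/1.1" 200 512 "-" "OCS-NG_unified_unix_agent_v2.10.0"
10.0.0.6 - - [07/Apr/2026:10:01:09 +0000] "POST /ocsinventory HTTP/1.1" 200 498 "-" "OCS-NG_WINDOWS_AGENT_v2.10.0.0"
10.0.0.9 - - [07/Apr/2026:10:02:30 +0000] "POST /ocsinventory HTTP/1.1" 200 0 "-" "<script>alert(1)</script>"
10.0.0.7 - - [07/Apr/2026:10:03:00 +0000] "GET /ocsreports/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 <b>x</b>"
"""

# Combined log format; the last two quoted fields are Referer and User-Agent.
# Real servers escape embedded quotes as \" so the [^"]* groups may need widening.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Legitimate agents never need HTML metacharacters in their User-Agent.
HTML_META_RE = re.compile(r'[<>"\'&]')
# Assumed, not from the advisory: OCS agents identify with an "OCS-NG_" prefix. Adjust to your builds.
EXPECTED_UA_RE = re.compile(r'^OCS-NG_')

def suspicious_user_agents(log_text: str, endpoint: str = "/ocsinventory") -> list[dict]:
    """One finding per request to the agent endpoint whose User-Agent carries
    HTML metacharacters or does not look like an OCS agent."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["path"] != endpoint:
            continue  # other paths (e.g. the console itself) are out of scope here
        reasons = []
        if HTML_META_RE.search(m["ua"]):
            reasons.append("html-metacharacters")
        if not EXPECTED_UA_RE.match(m["ua"]):
            reasons.append("unexpected-agent-format")
        if reasons:
            findings.append({"ip": m["ip"], "ts": m["ts"], "ua": m["ua"],
                             "reason": ",".join(reasons)})
    return findings

def render_user_agent(ua: str) -> str:
    """Output encoding the console should apply before embedding a stored User-Agent in HTML."""
    return html.escape(ua, quote=True)

if __name__ == "__main__":
    for f in suspicious_user_agents(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} [{f['reason']}] {render_user_agent(f['ua'])}")
```

Only the third sample line is reported: the console request on the last line is outside the agent endpoint, and the two agent check-ins match the expected format.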

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 17:45:00 +0000

CPEs (added): cpe:2.3:a:ocsinventory-ng:ocs_inventory_server:*:*:*:*:*:*:*:*

Tue, 07 Apr 2026 15:15:00 +0000

Metrics (added): ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 09:45:00 +0000

First Time appeared (added): Ocsinventory-ng; Ocsinventory-ng ocs Inventory Server
Vendors & Products (added): Ocsinventory-ng; Ocsinventory-ng ocs Inventory Server

Tue, 07 Apr 2026 00:00:00 +0000

Description (added): OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitation and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.
Title (added): OCS Inventory NG Server Stored XSS via User-Agent
Weaknesses (added): CWE-79
References (added):
Metrics (added): cvssV3_1
{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}
cvssV4_0
{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T13:39:31.481Z

Reserved: 2026-01-08T19:04:26.365Z

Link: CVE-2026-22675

Vulnrichment

Updated: 2026-04-07T13:39:26.682Z

NVD

Status: Analyzed

Published: 2026-04-06T22:16:20.673

Modified: 2026-04-09T17:37:28.397

Link: CVE-2026-22675

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:41:51Z

Weaknesses