Description
InfoScale VIOM 9.1.3 allows XSS.
Published: 2026-05-20
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in InfoScale VIOM 9.1.3 permits the injection and execution of arbitrary JavaScript within a user’s web browser when the VIOM web application is viewed. This client‑side code execution can be triggered by unvalidated input that is reflected in page output.

Affected Systems

Only InfoScale VIOM version 9.1.3 is listed as affected. No additional vendors or product versions are specified in the advisory.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate level of severity and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Based on the nature of the flaw, the likely attack vector is the VIOM web interface that requires a user to interact with the application. No public exploit demonstrations are noted in the available data.

Generated by OpenCVE AI on May 20, 2026 at 22:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security update released by Veritas/InfoScale that removes the XSS flaw (refer to the vendor's support documents).
  • If an update cannot be applied immediately, employ a Web Application Firewall or similar filtering mechanism to block the execution of script tags on the VIOM web interface.
  • Ensure that all user‑controlled input is properly encoded or sanitized before rendering within HTML content to prevent script injection.

Generated by OpenCVE AI on May 20, 2026 at 22:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 22:30:00 +0000

Type Values Removed Values Added
Title Cross‑Site Scripting in InfoScale VIOM 9.1.3

Wed, 20 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 17:45:00 +0000

Type Values Removed Values Added
Title Cross‑Site Scripting in InfoScale VIOM 9.1.3
Weaknesses CWE-79

Wed, 20 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description InfoScale VIOM 9.1.3 allows XSS.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-20T18:36:36.933Z

Reserved: 2026-05-08T00:00:00.000Z

Link: CVE-2026-44924

cve-icon Vulnrichment

Updated: 2026-05-20T18:36:26.852Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-20T17:16:24.130

Modified: 2026-05-20T20:16:40.180

Link: CVE-2026-44924

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T22:15:25Z

Weaknesses