Skip to main content
Skip table of contents

ISN 2025-31: XSS Vulnerabilities in UMS

First published 28 July 2025

CVSS:3.1: 8.0 (High)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple instances of Stored Cross-Site Scripting (XSS) vulnerabilities found that affect the following products:

  • IGEL Universal Management Suite versions <=12.08.110

Details

After internal and external security testing, multiple instances of stored Cross-Site Scripting (XSS) vulnerabilities have been found in IGEL UMS. The vulnerability potentially allow a low privilege UMS admin to escalate its privileges through cookie/session hijacking.

Update Instructions

  • UMS: Update to version 12.08.130

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close