ISN 2025-31: XSS Vulnerabilities in UMS
First published 28 July 2025
CVSS:3.1: 8.0 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Multiple instances of stored Cross-Site Scripting (XSS) vulnerabilities have been found that affect the following products:
IGEL Universal Management Suite versions <=12.08.110
Details
After internal and external security testing, multiple instances of stored Cross-Site Scripting (XSS) vulnerabilities have been found in IGEL UMS. The vulnerabilities potentially allow a low-privilege UMS admin to escalate their privileges through cookie/session hijacking.
Update Instructions
UMS: Update to version 12.08.130