{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22675", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-08T19:04:26.365Z", "datePublished": "2026-04-06T21:19:59.435Z", "dateUpdated": "2026-04-06T21:19:59.435Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-06T21:19:59.435Z"}, "title": "OCS Inventory NG Server Stored XSS via User-Agent", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "affected": [{"vendor": "OCS Inventory", "product": "OCS Inventory NG Server", "repo": "https://github.com/OCSInventory-NG/OCSInventory-Server", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "2.12.3", "versionType": "semver"}, {"status": "unaffected", "version": "78faf2ca8b897141ba4d337d75692ab8e405bd4e", "versionType": "git"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitation and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitation and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.<br>"}]}], "references": [{"url": "https://github.com/OCSInventory-NG/OCSInventory-Server/pull/483", "tags": ["issue-tracking"]}, {"url": "https://github.com/OCSInventory-NG/OCSInventory-Server/commit/78faf2ca8b897141ba4d337d75692ab8e405bd4e", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/ocs-inventory-ng-server-stored-xss-via-user-agent", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Alexandre Nesic (@_atsika) at Quarkslab", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitation and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard."}], "id": "CVE-2026-22675", "lastModified": "2026-04-06T22:16:20.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-06T22:16:20.673", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/OCSInventory-NG/OCSInventory-Server/commit/78faf2ca8b897141ba4d337d75692ab8e405bd4e"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/OCSInventory-NG/OCSInventory-Server/pull/483"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/ocs-inventory-ng-server-stored-xss-via-user-agent"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.12.3]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "78faf2ca8b897141ba4d337d75692ab8e405bd4e"}}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "OCS Inventory NG Server", "source": "cna", "vendor": "OCS Inventory"}, "product": "ocs_inventory_server", "vendor": "ocsinventory-ng"}], "analysis": {"en": {"generated_at": "2026-04-07T01:21:09.772479+00:00", "value": {"mitigation_remediation": ["Apply the latest OCS Inventory NG Server release that fixes the XSS vulnerability."], "summary": {"action": "Patch Immediately", "impact": "Cross\u2011site scripting allows attackers to execute arbitrary JavaScript in the browsers of authenticated users."}, "threat_synthesis": {"affected_systems": "OCS Inventory NG Server versions 2.12.3 and earlier are affected. The flaw is triggered by requests to the /ocsinventory endpoint and requires no authentication to submit the payload, but the impact materializes only when authenticated users access the web console.", "description_and_impact": "A stored cross\u2011site scripting flaw exists in OCS Inventory NG Server, where malicious User\u2011Agent HTTP headers are saved without sanitization and later rendered in the statistics dashboard. The vulnerability permits an unauthenticated attacker to inject arbitrary JavaScript that runs when an authorized user views the console, potentially leading to session hijacking or other client\u2011side attacks.", "risk_and_exploitability": "With a CVSS score of 5.1, the vulnerability is considered moderate severity. No EPSS score is available, and the flaw is not listed in CISA\u2019s KEV catalogue, indicating it is not currently known to be actively exploited in the wild. The attack requires the attacker to send crafted HTTP requests to the affected endpoint, after which authenticated users\u2019 browsers run the injected script. The lack of authentication for the injection step simplifies exploitation, but the effect is limited to users who view the console. Overall risk is moderate, with an elevated threat if the affected software remains unpatched. "}}}}, "created": "2026-04-07T06:53:57.841417+00:00", "updated": "2026-04-07T09:36:56.199512+00:00", "vendors": ["ocsinventory-ng", "ocsinventory-ng$PRODUCT$ocs_inventory_server"]}