Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by OCS Inventory
CVE-2026-22675 (GCVE-0-2026-22675)
Vulnerability from cvelistv5 – Published: 2026-04-06 21:19 – Updated: 2026-05-26 11:52
VLAI
Title
OCS Inventory NG Server Stored XSS via User-Agent
Summary
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/OCSInventory-NG/OCSInventory-S… | issue-tracking |
| https://github.com/OCSInventory-NG/OCSInventory-S… | patch |
| https://www.vulncheck.com/advisories/ocs-inventor… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OCS Inventory | OCS Inventory NG Server |
Affected:
0 , ≤ 2.12.3
(semver)
Unaffected: 78faf2ca8b897141ba4d337d75692ab8e405bd4e (git) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:39:21.858530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:39:31.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OCS Inventory NG Server",
"repo": "https://github.com/OCSInventory-NG/OCSInventory-Server",
"vendor": "OCS Inventory",
"versions": [
{
"lessThanOrEqual": "2.12.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "78faf2ca8b897141ba4d337d75692ab8e405bd4e",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexandre Nesic (@_atsika) at Quarkslab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.\u003cbr\u003e"
}
],
"value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:52:01.295Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-Server/pull/483"
},
{
"tags": [
"patch"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-Server/commit/78faf2ca8b897141ba4d337d75692ab8e405bd4e"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ocs-inventory-ng-server-stored-xss-via-user-agent"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OCS Inventory NG Server Stored XSS via User-Agent",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-22675",
"datePublished": "2026-04-06T21:19:59.435Z",
"dateReserved": "2026-01-08T19:04:26.365Z",
"dateUpdated": "2026-05-26T11:52:01.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}