Unrated severityNVD Advisory· Published Jan 22, 2026· Updated Jan 23, 2026
Cross-Site Scripting (XSS) on Omada Controllers
CVE-2025-9289
Description
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
2- support.omadanetworks.com/us/download/mitrepatch
- support.omadanetworks.com/us/document/114950/mitrevendor-advisory
News mentions
0No linked articles in our index yet.