Vulnerability Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Software Version: InfoScale Operations Manager (IOM) BEFORE 9.1.3
NIST: https://nvd.nist.gov/vuln/detail/CVE-2026-44924
CVSS: 5.4
Severity: Medium
Credits: Claudia Bartolini, Marco Ventura, Valentina Stefanizzi, Massimiliano Brolli
Multiple vulnerabilities in the web-based management interface of InfoScale Operations Manager (VIOM) could allow an authenticated, remote attacker with guest or administrative privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface.