CVE-2008-2272 — Cross-site Scripting in Networks Aruba Mobility Controller

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 35.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aruba Networks Aruba Mobility Controller

Timeline

PublishedMay 16

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDaruba_networks/aruba_mobility_controller6 versions+5

🔴Vulnerability Details

GHSA

GHSA-2hwp-cw9h-92vp: Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2↗2022-05-01

▶

CVEList

CVE-2008-2272: Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2↗2008-05-16

▶