CVE-2013-2290Cross-site Scripting in Arubaos

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 37.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Arubaos
Timeline
PublishedMar 28
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDarubanetworks/arubaos11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-8384-9ccv-99pr: Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 62022-05-17
CVEList
CVE-2013-2290: Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 62013-03-28
CVE-2013-2290 — Cross-site Scripting in Arubaos | cvebase