Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1389 — Cross-site Scripting in Clearpass Policy Manager

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

12.4%

top 6.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Arubanetworks Clearpass Policy Manager

Timeline

PublishedMay 28

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDarubanetworks/clearpass_policy_manager6.4.4

🔴Vulnerability Details

GHSA

GHSA-qqmj-3x2j-j469: Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6↗2022-05-17

▶

CVEList

CVE-2015-1389: Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6↗2015-05-28

▶

💥Exploits & PoCs

Exploit-DB

Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting↗2015-06-01

▶

💬Community

Bugzilla

CVE-2014-1389 webkitgtk: arbitrary code execution and denial of service↗2015-01-12

▶