CVE-2021-26967Cross-site Scripting in Airwave

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 51.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arubanetworks Airwave
Timeline
PublishedMar 5
Latest updateMay 24

Description

A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDarubanetworks/airwave< 8.2.12.0

🔴Vulnerability Details

2
GHSA
GHSA-v8h5-25p5-6hjm: A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 82022-05-24
CVEList
CVE-2021-26967: A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 82021-03-05
CVE-2021-26967 — Cross-site Scripting in Airwave | cvebase