CVE-2021-37715

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 52.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Airwave

Timeline

PublishedAug 26

Latest updateMay 24

Description

A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5aruba_airwave_management_platformPrior to 8.2.13.0

▶NVDarubanetworks/airwave< 8.2.13.0

🔴Vulnerability Details

GHSA

GHSA-7chg-mxw7-5pfg: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8↗2022-05-24

▶

CVEList

CVE-2021-37715: A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8↗2021-08-26

▶