CVE-2022-37896
Published 2022-10-07
CVE-2022-37896: A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS)…
Priority: P427 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.55% (41.7th percentile)
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | arubaos | >= 10.3.0.0 < 10.3.1.1 | 10.3.1.1 |
| arubanetworks | instant | >= 6.4.0.0 < 6.4.4.8-4.2.4.21 | 6.4.4.8-4.2.4.21 |
| arubanetworks | instant | >= 6.5.0.0 < 6.5.4.24 | 6.5.4.24 |
| arubanetworks | instant | >= 8.10.0.0 < 8.10.0.2 | 8.10.0.2 |
| arubanetworks | instant | >= 8.6.0.0 < 8.6.0.19 | 8.6.0.19 |
| arubanetworks | instant | >= 8.7.0.0 < 8.7.1.10 | 8.7.1.10 |
CISA ICS
Siemens SCALANCE W1750D
cisa_ics·2022-11-10
ICS Advisory
Last Revised: November 10, 2022
Alert Code: ICSA-22-314-10
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE W1750D
- Vulnerabilities: Uncontrolled Resource Consumption, Buffer Copy without Checking Size of Input, Improper Neutralization of Input During Web Page Generation, Improper Neutralization of Special Elements used in a Command, Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to inject comman
VulDB
Aruba InstantOS/ArubaOS Web Management Interface cross site scripting (PSA-2022-014 / EUVD-2022-40503)
vuldb·2026-06-19·CVSS 6.1
CVE-2022-37896 [MEDIUM] Aruba InstantOS/ArubaOS Web Management Interface cross site scripting (PSA-2022-014 / EUVD-2022-40503)
A vulnerability described as problematic has been identified in Aruba InstantOS and ArubaOS. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. Executing a manipulation can lead to cross site scripting.
This vulnerability is handled as CVE-2022-37896. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.
GHSA
GHSA-9pqp-62pc-c8g4: A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripti
ghsa_unreviewed·2023-07-06
CVE-2022-37896 [MEDIUM] CWE-79 GHSA-9pqp-62pc-c8g4: A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripti
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-10-07