CVE-2025-43484

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.0MEDIUM

EPSS

0.0%

top 92.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Poly Clariti Manager HP Inc. Poly Clariti Manager

Timeline

PublishedJul 23

Description

A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages2 packages

▶NVDhp/poly_clariti_manager< 10.12.2

▶CVEListV5hp_inc./poly_clariti_managerSee HP Security Bulletin reference for affected versions.

🔴Vulnerability Details

GHSA

GHSA-6qfh-5h66-4j6x: A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10↗2025-07-23

▶

CVEList

Poly Clariti Manager - Multiple Security Vulnerabilities↗2025-07-22

▶