CVE-2025-43486

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.7MEDIUM
EPSS
0.0%
top 93.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HP Poly Clariti ManagerHP Inc. Poly Clariti Manager
Timeline
PublishedJul 23

Description

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages2 packages

CVEListV5hp_inc./poly_clariti_managerSee HP Security Bulletin reference for affected versions.

🔴Vulnerability Details

2
GHSA
GHSA-r7gr-3p24-rv5j: A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 102025-07-23
CVEList
Poly Clariti Manager - Multiple Security Vulnerabilities2025-07-22
CVE-2025-43486 (MEDIUM CVSS 5.7) | A potential stored cross-site scrip | cvebase.io