Cross-Site Scripting Vulnerability in Aruba Mobility Controller
CVE-2007-4023

Currently unrated

Key Information:

Vendor

Aruba

Status
Mobility Controller
Vendor
CVE Published:
26 July 2007

What is CVE-2007-4023?

A cross-site scripting (XSS) vulnerability exists in the login CGI program of Aruba Mobility Controller versions 2.5.4.18 and earlier, as well as in the 2.4.8.6-FIPS version and earlier. This flaw allows attackers to inject arbitrary web scripts or HTML, which can lead to unauthorized actions or data exposure when users interact with the application. Successful exploitation may compromise user sessions and lead to security breaches.

References

http://www.kb.cert.org/vuls/id/680449
third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/bid/25059
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2007/2646
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.