Cross-Site Scripting Vulnerability in Aruba 800 Mobility Controller
CVE-2007-6054

Currently unrated

Key Information:

Vendor: Aruba Networks
Status: Mc-800
Vendor: CVE Published:; 20 November 2007

🔔 Create Aruba Networks Vulnerability Alert

What is CVE-2007-6054?

The Aruba 800 Mobility Controller contains a cross-site scripting (XSS) vulnerability in the management interface's login page. This flaw allows remote attackers to inject arbitrary web scripts or HTML code via the PATH_INFO to the /screens URI, which is related to the url variable. Attackers could exploit this vulnerability to execute malicious scripts in the context of the user's browser, potentially leading to unauthorized access or other security breaches.

References

http://arubanetworks.com/support/alerts/aid-070907b.asc

x_refsource_CONFIRM

http://www.securityfocus.com/bid/26465

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/483778/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2007
Vulnerability Reserved
Nov 20, 2007

CVE-2007-6054 Data

JSON