Cross-Site Scripting Vulnerability in Aruba AirWave Management Software
CVE-2015-1390
6.1MEDIUM
Summary
Aruba AirWave versions prior to 8.0.7 contain a vulnerability that permits attackers to execute cross-site scripting (XSS) attacks against an administrator. This flaw can allow the insertion of malicious scripts into web pages viewed by the affected user, potentially leading to sessions hijacking and unauthorized access to sensitive information. It is crucial for administrators using Aruba AirWave to apply the necessary patches and updates to mitigate this risk.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved