Cross-Site Scripting Vulnerability in Aruba AirWave Management Software
CVE-2015-1390

6.1MEDIUM

Key Information:

Vendor

HP
Status
Airwave
Vendor
CVE Published:
5 September 2023

What is CVE-2015-1390?

Aruba AirWave versions prior to 8.0.7 contain a vulnerability that permits attackers to execute cross-site scripting (XSS) attacks against an administrator. This flaw can allow the insertion of malicious scripts into web pages viewed by the affected user, potentially leading to sessions hijacking and unauthorized access to sensitive information. It is crucial for administrators using Aruba AirWave to apply the necessary patches and updates to mitigate this risk.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.