Reflected Cross-Site Scripting Vulnerability in Aruba AirWave
CVE-2016-8527

6.1MEDIUM

Key Information:

Vendor
HP
Status
Aruba Airwave
Vendor
CVE Published:
6 August 2018

Summary

The Aruba AirWave platform has a vulnerability in its VisualRF component that allows for reflected cross-site scripting (XSS). This weakness can be exploited by attackers who can trick an authenticated administrative user into clicking on a specially crafted link. By doing so, the attacker gains access to sensitive information such as session cookies or passwords stored in the browser. This points to a significant risk for organizations using AirWave, as it underscores the importance of secure practices while navigating administrative interfaces.

Affected Version(s)

Aruba AirWave all versions up to, but not including, 8.2.3.1

References

http://www.securityfocus.com/bid/96495
vdb-entryx_refsource_BID
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/41482/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.