Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25592

6.1MEDIUM

Key Information:

Vendor: HP (HP)
Status: Aruba Clearpass Policy Manager
Vendor: CVE Published:; 22 March 2023

What is CVE-2023-25592?

The web-based management interface of ClearPass Policy Manager contains vulnerabilities that may enable a remote attacker to launch a reflected cross-site scripting (XSS) attack against users of the interface. If successfully exploited, this vulnerability permits the execution of arbitrary script code within a victim's browser, potentially allowing the attacker to manipulate the user’s experience or steal sensitive information.

Affected Version(s)

Aruba ClearPass Policy Manager 6.11.1 and below

Aruba ClearPass Policy Manager 6.10.8 and below

Aruba ClearPass Policy Manager 6.9.13 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2023
Vulnerability Reserved
Feb 7, 2023

Credit

AT&T Security Team