Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25593
6.1MEDIUM
What is CVE-2023-25593?
A vulnerability exists in the web-based management interface of ClearPass Policy Manager that could allow a remote attacker to execute a reflected cross-site scripting (XSS) attack. This flaw enables malicious users to inject arbitrary script code into a victim's browser session when they interact with the compromised interface. Exploiting this vulnerability could expose sensitive user data or lead to further attacks. Users and administrators are advised to review the software versions and apply necessary updates as per the vendor's recommendations.
Affected Version(s)
Aruba ClearPass Policy Manager 6.11.1 and below
Aruba ClearPass Policy Manager 6.10.8 and below
Aruba ClearPass Policy Manager 6.9.13 and below