Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25593

6.1MEDIUM

Key Information:

Vendor: HP (HP)
Status: Aruba Clearpass Policy Manager
Vendor: CVE Published:; 22 March 2023

What is CVE-2023-25593?

A vulnerability exists in the web-based management interface of ClearPass Policy Manager that could allow a remote attacker to execute a reflected cross-site scripting (XSS) attack. This flaw enables malicious users to inject arbitrary script code into a victim's browser session when they interact with the compromised interface. Exploiting this vulnerability could expose sensitive user data or lead to further attacks. Users and administrators are advised to review the software versions and apply necessary updates as per the vendor's recommendations.

Affected Version(s)

Aruba ClearPass Policy Manager 6.11.1 and below

Aruba ClearPass Policy Manager 6.10.8 and below

Aruba ClearPass Policy Manager 6.9.13 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2023
Vulnerability Reserved
Feb 7, 2023

Credit

Sicarius(@EIS1carius) of CBP