Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
CVE-2023-25593

6.1MEDIUM

Key Information:

Vendor: HP
Status: Aruba ClearPass Policy Manager
Vendor: CVE Published:; 22 March 2023

Summary

Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Affected Version(s)

Aruba ClearPass Policy Manager 6.11.1 and below

Aruba ClearPass Policy Manager 6.10.8 and below

Aruba ClearPass Policy Manager 6.9.13 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 22, 2023
Vulnerability Reserved
Feb 7, 2023

Credit

Sicarius(@EIS1carius) of CBP