Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Aruba
  • Mobility Controller

Configuration 1 [-]

OR cpe:2.3:h:aruba:mobility_controller:*:*:*:*:*:*:*:*
cpe:2.3:h:aruba:mobility_controller:*:*:*:*:*:*:*:*
References
Link Resource
http://osvdb.org/36469
http://secunia.com/advisories/26192 Patch Vendor Advisory
http://www.arubanetworks.com/support/alerts/aid-070907b.asc
http://www.kb.cert.org/vuls/id/680449 US Government Resource
http://www.securityfocus.com/bid/25059
http://www.securitytracker.com/id?1018457
http://www.vupen.com/english/advisories/2007/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/35605
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-26T19:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-07-26T00:00:00

Link: CVE-2007-4023

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2007-07-26T19:30:00.000

Modified: 2017-07-29T01:32:41.113

Link: CVE-2007-4023

JSON object: View

cve-icon Redhat Information

No data.

CWE