A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
References
| Link | Resource |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-008.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
No history.
Information
Published : 2023-07-05 15:15
Updated : 2023-07-11 17:38
NVD link : CVE-2023-35971
Mitre link : CVE-2023-35971
CVE.ORG link : CVE-2023-35971
JSON object : View
Products Affected
arubanetworks
- mcr-hw-5k
- mc-va-10
- mcr-va-5k
- mcr-hw-10k
- mcr-va-10k
- sd-wan
- mc-va-1k
- mcr-va-1k
- arubaos
- mcr-va-50
- mcr-va-500
- mcr-hw-1k
- mc-va-50
- mc-va-250
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')