CVE-2007-6054

EPSS 2.4%

Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/30771unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://arubanetworks.com/support/alerts/aid-070907b.asc http://osvdb.org/45301 http://securityreason.com/securityalert/3380 http://www.kb.cert.org/vuls/id/680449 http://www.securityfocus.com/archive/1/483778/100/0/threaded http://www.securityfocus.com/bid/26465