Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
References 5 Total
- http://packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html
- exploit-db.com: 37172 exploit
- seclists.org: 20150527 ClearPass Policy Manager Stored XSS mailing-list
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt
- https://github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- http://packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html x_transferred
- exploit-db.com: 37172 exploitx_transferred
- seclists.org: 20150527 ClearPass Policy Manager Stored XSS mailing-listx_transferred
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt x_transferred
- https://github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf x_transferred