PT-2013-3638 · Aruba · Arubaos
Publicado
2013-03-28
·
Atualizado
2017-08-29
·
CVE-2013-2290
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
ArubaOS versions 6.1.x-AirGroup before 6.1.3.6-AirGroup
ArubaOS versions 6.1.x-FIPS before 6.1.4.3-FIPS
ArubaOS versions 6.1.3.x before 6.1.3.7
ArubaOS versions 6.2.x before 6.2.0.3
Description
A cross-site scripting (XSS) issue exists in the dashboard of the ArubaOS Administration WebUI, allowing remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.
Recommendations
For ArubaOS versions 6.1.x-AirGroup before 6.1.3.6-AirGroup, update to version 6.1.3.6-AirGroup or later.
For ArubaOS versions 6.1.x-FIPS before 6.1.4.3-FIPS, update to version 6.1.4.3-FIPS or later.
For ArubaOS versions 6.1.3.x before 6.1.3.7, update to version 6.1.3.7 or later.
For ArubaOS versions 6.2.x before 6.2.0.3, update to version 6.2.0.3 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Arubaos