PT-2013-3638 · Aruba · Arubaos
Published
2013-03-28
·
Updated
2017-08-29
·
CVE-2013-2290
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
ArubaOS versions 6.1.x-AirGroup before 6.1.3.6-AirGroup
ArubaOS versions 6.1.x-FIPS before 6.1.4.3-FIPS
ArubaOS versions 6.1.3.x before 6.1.3.7
ArubaOS versions 6.2.x before 6.2.0.3
Description
A cross-site scripting (XSS) issue exists in the dashboard of the ArubaOS Administration WebUI, allowing remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.
Recommendations
For ArubaOS versions 6.1.x-AirGroup before 6.1.3.6-AirGroup, update to version 6.1.3.6-AirGroup or later.
For ArubaOS versions 6.1.x-FIPS before 6.1.4.3-FIPS, update to version 6.1.4.3-FIPS or later.
For ArubaOS versions 6.1.3.x before 6.1.3.7, update to version 6.1.3.7 or later.
For ArubaOS versions 6.2.x before 6.2.0.3, update to version 6.2.0.3 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arubaos