Back to search
CVE-2007-6054
Published: Nov 20, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://arubanetworks.com/support/alerts/aid-070907b.asc
x_refsource_CONFIRM
26465
vdb-entry
x_refsource_BID
20071115 PR07-26: Persistent XSS on Aruba 800 Mobility Controller's login page
mailing-list
x_refsource_BUGTRAQ
3380
third-party-advisory
x_refsource_SREASON
VU#680449
third-party-advisory
x_refsource_CERT-VN
45301
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now