Published: 28/05/2015 Updated: 31/12/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) prior to 6.4.5 allows remote malicious users to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
arubanetworks clearpass policy manager

=============================================================================== title: ClearPass Policy Manager Stored XSS case id: CM-2014-01 product: Aruba ClearPass Policy Manager vulnerability type: Stored cross-site script severity: Medium found: 2014-11-24 ...

Aruba ClearPass Policy Manager version 64 suffers from a stored cross site scripting vulnerability ...

CWE-79 https://github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt http://seclists.org/fulldisclosure/2015/May/115 http://packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/37172/https://nvd.nist.gov https://www.exploit-db.com/exploits/37172/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-1389

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect