Description
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS10.7.0.0 – 10.7.1.0
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS10.4.0.0 – 10.4.1.6
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS8.12.0.0 – 8.12.0.3
- Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS8.10.0.0 – 8.10.0.15