A cross-site scripting vulnerability exists in Aruba Networks ArubaOS and InstantOS, an operating system for Aruba Mobility-Defined Networks (including mobile controllers and mobile access switches) from Aruba Networks, Inc. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data, which could be exploited to launch cross-site scripting attacks.