Lucene search

MitreCVE-2013-2290

HistoryMar 28, 2013 - 11:55 p.m.

CVE-2013-2290

2013-03-2823:55:01

CWE-79

mitre

web.nvd.nist.gov

aruba networks

arubaos

xss

vulnerability

dashboard

web script

html

ssid

wireless access points

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

54.7%

JSON

Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.

Affected configurations

Nvd

Node

arubanetworksarubaosMatch6.2.0.0

arubanetworksarubaosMatch6.2.0.1

arubanetworksarubaosMatch6.2.0.2

Node

arubanetworksarubaosMatch6.1.3.0

arubanetworksarubaosMatch6.1.3.1

arubanetworksarubaosMatch6.1.3.2

arubanetworksarubaosMatch6.1.3.4

arubanetworksarubaosMatch6.1.3.5

arubanetworksarubaosMatch6.1.3.6

Node

arubanetworksarubaosMatch6.1.2.3-fips

arubanetworksarubaosMatch6.1.4.2-fips

VendorProductVersionCPE
arubanetworksarubaos6.2.0.0cpe:2.3:o:arubanetworks:arubaos:6.2.0.0:*:*:*:*:*:*:*
arubanetworksarubaos6.2.0.1cpe:2.3:o:arubanetworks:arubaos:6.2.0.1:*:*:*:*:*:*:*
arubanetworksarubaos6.2.0.2cpe:2.3:o:arubanetworks:arubaos:6.2.0.2:*:*:*:*:*:*:*
arubanetworksarubaos6.1.3.0cpe:2.3:o:arubanetworks:arubaos:6.1.3.0:*:*:*:*:*:*:*
arubanetworksarubaos6.1.3.1cpe:2.3:o:arubanetworks:arubaos:6.1.3.1:*:*:*:*:*:*:*
arubanetworksarubaos6.1.3.2cpe:2.3:o:arubanetworks:arubaos:6.1.3.2:*:*:*:*:*:*:*
arubanetworksarubaos6.1.3.4cpe:2.3:o:arubanetworks:arubaos:6.1.3.4:*:*:*:*:*:*:*
arubanetworksarubaos6.1.3.5cpe:2.3:o:arubanetworks:arubaos:6.1.3.5:*:*:*:*:*:*:*
arubanetworksarubaos6.1.3.6cpe:2.3:o:arubanetworks:arubaos:6.1.3.6:*:*:*:*:*:*:*
arubanetworksarubaos6.1.2.3cpe:2.3:o:arubanetworks:arubaos:6.1.2.3:-:fips:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	arubaos	6.2.0.0	cpe:2.3:o:arubanetworks:arubaos:6.2.0.0:::::::*
arubanetworks	arubaos	6.2.0.1	cpe:2.3:o:arubanetworks:arubaos:6.2.0.1:::::::*
arubanetworks	arubaos	6.2.0.2	cpe:2.3:o:arubanetworks:arubaos:6.2.0.2:::::::*
arubanetworks	arubaos	6.1.3.0	cpe:2.3:o:arubanetworks:arubaos:6.1.3.0:::::::*
arubanetworks	arubaos	6.1.3.1	cpe:2.3:o:arubanetworks:arubaos:6.1.3.1:::::::*
arubanetworks	arubaos	6.1.3.2	cpe:2.3:o:arubanetworks:arubaos:6.1.3.2:::::::*
arubanetworks	arubaos	6.1.3.4	cpe:2.3:o:arubanetworks:arubaos:6.1.3.4:::::::*
arubanetworks	arubaos	6.1.3.5	cpe:2.3:o:arubanetworks:arubaos:6.1.3.5:::::::*
arubanetworks	arubaos	6.1.3.6	cpe:2.3:o:arubanetworks:arubaos:6.1.3.6:::::::*
arubanetworks	arubaos	6.1.2.3	cpe:2.3:o:arubanetworks:arubaos:6.1.2.3:-:fips:::::*

Rows per page:

1-10 of 111

References

osvdb.org/91485

secunia.com/advisories/52690

www.arubanetworks.com/support/alerts/aid-042213.asc

www.securityfocus.com/bid/58579

exchange.xforce.ibmcloud.com/vulnerabilities/82917

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

54.7%

JSON

Related for CVE-2013-2290