CVE-2023-39266

🗓️ 29 Aug 2023 19:20:18Reported by hpeType

A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-39266	30 Aug 202300:17	–	circl
CNNVD	Aruba Networks ArubaOS 跨站脚本漏洞	29 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-39266 Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch	29 Aug 202319:20	–	cvelist
EUVD	EUVD-2023-42998	3 Oct 202520:07	–	euvd
NVD	CVE-2023-39266	29 Aug 202320:15	–	nvd
OSV	CVE-2023-39266	29 Aug 202320:15	–	osv
Prion	Cross site scripting	29 Aug 202320:15	–	prion
Positive Technologies	PT-2023-26856 · Aruba · Arubaos-Switch	29 Aug 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-39266	23 May 202504:41	–	redhatcve
Vulnrichment	CVE-2023-39266 Unauthenticated Stored Cross-Site Scripting in ArubaOS-Switch	29 Aug 202319:20	–	vulnrichment

NVD

Node

hpe arubaos-switchRange<a.15.16.0026

hpe arubaos-switchRange16.01.0000–16.04.0027

hpe arubaos-switchRange16.05.0000–16.08.0027

hpe arubaos-switchRange16.10.0001–16.10.0024

hpe arubaos-switchRange16.11.0001–16.11.0013

AND

arubanetworks aruba_2530Match-

arubanetworks aruba_2530yaMatch-

arubanetworks aruba_2530ybMatch-

arubanetworks aruba_2540Match-

arubanetworks aruba_2920Match-

arubanetworks aruba_2930fMatch-

arubanetworks aruba_2930mMatch-

arubanetworks aruba_3810mMatch-

arubanetworks aruba_5406r_zl2Match-

arubanetworks aruba_5412r_zl2Match-

[
  {
    "defaultStatus": "affected",
    "product": "ArubaOS-Switch",
    "vendor": "Hewlett Packard Enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.11.xxxx: KB/WC/YA/YB/YC.16.11.0012 and below."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.10.xxxx: KB/WC/YA/YB/YC.16.10.0025 and below."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.10.xxxx: WB.16.10.23 and below."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.09.xxxx: All versions."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0026 and below."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.07.xxxx: All versions."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.06.xxxx: All versions."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.05.xxxx: All versions."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.04.xxxx: KA/RA.16.04.0026 and below."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.03.xxxx: All versions."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.02.xxxx: All versions."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 16.01.xxxx: All versions."
      },
      {
        "status": "affected",
        "version": "ArubaOS-Switch 15.xx.xxxx: 15.16.0025 and below."
      }
    ]
  }
]

Source	Link
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt

21 Nov 2024 08:15Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.1 - 8.3

EPSS0.00321

SSVC

CWE-79