← Back

CVE-2021-26682

nvd nist
Published: Feb 23, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface.

Affected (5)

Arubanetworks
1 product
Clearpass Policy Manager
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Arubanetworks
Clearpass Policy Manager
Before 6.7.14
Clearpass Policy Manager
From 6.8.0 to 6.8.8
Clearpass Policy Manager
From 6.9.0 to 6.9.5
Clearpass Policy Manager
Version 6.7.14
Clearpass Policy Manager
Version 6.8.8

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.