ID CVE-2016-8527
Summary Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
exploit-db via4
description Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting. CVE-2016-8526,CVE-2016-8527. Webapps exploit for XML platform
file exploits/xml/webapps/41482.txt
id EDB-ID:41482
last seen 2017-03-01
modified 2017-03-01
platform xml
port
published 2017-03-01
reporter Exploit-DB
source https://www.exploit-db.com/download/41482/
title Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting
type webapps
packetstorm via4
data source https://packetstormsecurity.com/files/download/141385/SA-20170301-0.txt
id PACKETSTORM:141385
last seen 2017-03-02
published 2017-03-01
reporter P. Morimoto
source https://packetstormsecurity.com/files/141385/Aruba-AirWave-8.2.3-XXE-Injection-Cross-Site-Scripting.html
title Aruba AirWave 8.2.3 XXE Injection / Cross Site Scripting
refmap via4
bid 96495
confirm http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-001.txt
Last major update 07-08-2018 - 21:29
Published 06-08-2018 - 16:29
Last modified 07-08-2018 - 21:29
Back to Top