CVE-2008-2272

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 16, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2272
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
aruba_networks / aruba_mobility_controller	2.4.8	2.4.8.x
aruba_networks / aruba_mobility_controller	2.5.5	2.5.5.x
aruba_networks / aruba_mobility_controller	3.3.1	3.3.1.x
aruba_networks / aruba_mobility_controller	3.2.0	3.2.0.x
aruba_networks / aruba_mobility_controller	3.1.1	3.1.1.x
aruba_networks / aruba_mobility_controller	2.5.6	2.5.6.x

http://secunia.com/advisories/30262
http://www.arubanetworks.com/support/alerts/aid-051408.asc
http://www.securityfocus.com/archive/1/492113/100/0/threaded
http://www.securityfocus.com/bid/29240
http://www.securitytracker.com/id?1020033
https://exchange.xforce.ibmcloud.com/vulnerabilities/42433

Vulnerability Database

289,784

CVE-2008-2272