CVE-2013-2290

Published Mar 28, 2013

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD1BB950-27ED-4FD5-AB4B-9A2A2335E2CE"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD7C0BA2-C8F0-48B0-8B6F-5A31E87E216F"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55915155-C7B9-4485-B046-8CDF70F8AB35"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9792484-1C9D-4A94-8BC0-F3389388037A"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83D0BE40-36C1-4177-A545-BC1F7435C1BB"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6A8B524-49C4-4069-9F08-795EE3ABEFEC"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2652D8B-C361-4349-B7FC-3C40BF0A3F43"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22013B3A-82E6-4960-9D6D-0BEF991153F9"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "923BCFD5-15F0-4088-9E24-7CA5626AAB5B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.2.3:-:fips:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00DC1E4C-98D2-4D02-9C2E-73124961F525"
          },
          {
            "criteria": "cpe:2.3:o:arubanetworks:arubaos:6.1.4.2:-:fips:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12EA628C-9D87-423F-A494-8CB9DCCB6287"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References