CVE-2007-6054
Aruba 800 Mobility Controller <2.5.4.18 & <2.4.8.6-FIPS - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jan Fry · textremotemultiple
https://www.exploit-db.com/exploits/30771
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://arubanetworks.com/support/alerts/aid-070907b.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26465
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483778/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3380
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/680449
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/45301
Scores
EPSS
0.0192
EPSS Percentile
83.4%
Details
CWE
CWE-79
Status
published
Products (1)
aruba_networks/mc-800
(2 CPE variants)
Published
Nov 20, 2007
Tracked Since
Feb 18, 2026