CVE-2013-2290
ArubaOS < 6.2.0.3, < 6.1.3.7, < 6.1.4.3-FIPS, < 6.1.3.6-AirGroup - Cross-Site Scripting via SSID
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52690
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/58579
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/82917
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/91485
Vendor Advisory x_refsource_confirm
http://www.arubanetworks.com/support/alerts/aid-042213.asc
Scores
EPSS
0.0043
EPSS Percentile
62.4%
Details
CWE
CWE-79
Status
published
Products (11)
arubanetworks/arubaos
6.2.0.0
arubanetworks/arubaos
6.2.0.1
arubanetworks/arubaos
6.2.0.2
arubanetworks/arubaos
6.1.3.0
arubanetworks/arubaos
6.1.3.1
arubanetworks/arubaos
6.1.3.2
arubanetworks/arubaos
6.1.3.4
arubanetworks/arubaos
6.1.3.5
arubanetworks/arubaos
6.1.3.6
arubanetworks/arubaos
6.1.2.3
... and 1 more
Published
Mar 28, 2013
Tracked Since
Feb 18, 2026