CVE-2016-8527
MEDIUM NUCLEIAruba Airwave <8.2.3.1 - XSS
Title source: llmDescription
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by SEC Consult · textwebappsxml
https://www.exploit-db.com/exploits/41482
Nuclei Templates (1)
Aruba Airwave <8.2.3.1 - Cross-Site Scripting
MEDIUMby pikpikcu
Scores
CVSS v3
6.1
EPSS
0.6178
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
hp/airwave
< 8.2.3.1
Published
Aug 06, 2018
Tracked Since
Feb 18, 2026