Description
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-007.txt
Scores
CVSS v3
6.1
EPSS
0.0032
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (6)
arubanetworks/2530_firmware
16.08.0 - 16.08.0009
arubanetworks/2540_firmware
16.08.0 - 16.08.0009
arubanetworks/2920_firmware
16.08.0 - 16.08.0009
arubanetworks/2930_firmware
16.08.0 - 16.08.0009
arubanetworks/3810_firmware
16.08.0 - 16.08.0009
arubanetworks/5400r_firmware
16.08.0 - 16.08.0009
Published
Aug 26, 2020
Tracked Since
Feb 18, 2026