CVE-2025-43484

MEDIUM

Poly Clariti Manager <10.12.1 - XSS

Title source: llm

Description

A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037

Scores

CVSS v3 6.1

EPSS 0.0012

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

hp/poly_clariti_manager < 10.12.2

Published Jul 23, 2025

Tracked Since Feb 18, 2026