CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-37422 – Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface
https://notcve.org/view.php?id=CVE-2023-37422
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-37421 – Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface
https://notcve.org/view.php?id=CVE-2023-37421
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •