CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2007-6054 – Aruba MC-800 Mobility Controller - Screens Directory HTML Injection
https://notcve.org/view.php?id=CVE-2007-6054
Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en la página de entrada en la interfaz de gestión en el controlador Aruba 800 Mobility 2.5.4.18 y anterior, y 2.4.8.6-FIPS y anterior, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de PATH_INFO en la URI /screens. relacionado con la variable url. • https://www.exploit-db.com/exploits/30771 http://arubanetworks.com/support/alerts/aid-070907b.asc http://osvdb.org/45301 http://securityreason.com/securityalert/3380 http://www.kb.cert.org/vuls/id/680449 http://www.securityfocus.com/archive/1/483778/100/0/threaded http://www.securityfocus.com/bid/26465 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •