CVE-2016-8527
Last modified
CVE-2016-8527 is a vulnerability of currently unknown severity. Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. EPSS estimates a 13.16% chance of exploitation in the next 30 days.
Description
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hp | Airwave | < 8.2.3.1 |
References
- http://www.securityfocus.com/bid/96495Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/41482/Exploit, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/96495Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/41482/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-8527?
How severe is CVE-2016-8527?
How do I fix CVE-2016-8527?
Are you affected by CVE-2016-8527?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST