CVE-2016-8527: XSS
First published: Mon Aug 06 2018(Updated: )
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Airwave | <8.2.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2016-8527.
What is the severity rating of CVE-2016-8527?
The severity rating of CVE-2016-8527 is 6.1 (Medium).
What software versions are affected by CVE-2016-8527?
Aruba Airwave versions up to, but not including 8.2.3.1 are affected by CVE-2016-8527.
What is the impact of CVE-2016-8527?
CVE-2016-8527 allows an attacker to perform a reflected cross-site scripting (XSS) attack, potentially tricking a logged-in AirWave administrative user into clicking a malicious link.
How can I fix CVE-2016-8527?
To fix CVE-2016-8527, it is recommended to update Aruba Airwave to version 8.2.3.1 or higher.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp airwave