CVE-2021-26967: XSS
First published: Fri Mar 05 2021(Updated: )
A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Airwave | <8.2.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-26967?
CVE-2021-26967 is a remote reflected cross-site scripting (XSS) vulnerability in Aruba AirWave Management Platform.
How severe is CVE-2021-26967?
CVE-2021-26967 has a severity rating of 6.1 (Medium).
What is the affected software of CVE-2021-26967?
The affected software of CVE-2021-26967 is Aruba AirWave Management Platform prior to version 8.2.12.0.
How can an attacker exploit CVE-2021-26967?
An attacker can exploit CVE-2021-26967 by conducting a reflected cross-site scripting (XSS) attack against the web-based management interface of Aruba AirWave.
Is there a fix available for CVE-2021-26967?
Yes, upgrading to version 8.2.12.0 of Aruba AirWave Management Platform will fix CVE-2021-26967.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/event
- vendor/arubanetworks
- canonical/arubanetworks airwave