A reflected cross-site scripting vulnerability has been identified in the Captive Portal of HPE Aruba Networking AOS-10 Gateways and AOS-8 Controllers/Mobility Conductors. This vulnerability allows remote attackers to execute arbitrary script code in the context of the affected interface on the victim's browser.
Exploitation of this vulnerability could enable attackers to execute arbitrary scripts in the context of the victim's browser, potentially leading to unauthorized actions or data exposure.
Users can upgrade to AOS-10.7.1.1 and above, AOS-10.4.1.7 and above, AOS-8.12.0.4 and above, or AOS-8.10.0.16 and above. For more information, visit the HPE Networking Support Portal.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
