HPE Aruba AOS-8 Instant
Easy fix7 remedies
cpe:2.3:o:hpe:arubaos:*:*:*:*:*:*:*, +8 more
Easy fix7 remedies
- 10.8.0.0
- 10.7.2.2
- 10.4.1.10
- 8.13.1.1
- 8.12.0.6
- 8.10.0.21
- ~10.6
- ~10.5
- ~10.3
- ~8.12
- ~8.11
- ~8.9
- ~8.8
- ~8.7
- ~8.6
- ~8.5
- ~8.4
- ~6.5
- ~6.4
HPE Aruba Access Points AOS-8 Instant and AOS-10 Web Interface Cross-Site Scripting Vulnerability
Vulnerability
Patched
A cross-site scripting vulnerability has been identified in the web-based management interface of HPE Aruba Access Points running AOS-8 Instant and AOS-10. This vulnerability allows an unauthenticated remote attacker to execute arbitrary JavaScript in the browser of a user on the same local network. Exploitation of this issue could lead to the compromise of user data and manipulation of device configuration settings.
Impact
Exploitation of this vulnerability could result in cross-site scripting, allowing for the execution of malicious scripts in the context of the user's browser.
Remediation
Users are advised to upgrade to AOS-10 AP 10.8.0.1 and above, AOS-10 AP 10.7.2.3 and above, AOS-10 AP 10.4.1.11 and above, AOS-8 Instant 8.13.1.2 and above, AOS-8 Instant 8.12.0.7 and above, or AOS-8 Instant 8.10.0.22 and above. For systems running AOS-8 Instant or AOS-10 AP versions that have reached their End of Maintenance, HPE Aruba Networking has released a one-time exception patch for AOS-8 Instant 8.12.0.6 and below.
Added: May 12, 2026, 9:14 PM
Updated: May 12, 2026, 9:14 PM
Vulnerability Rating
Custom Algorithm
spread
6.8impact
5.4exploitability
4.6remediation
7.9relevance
8.1threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.