Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-26299

Опубликовано: 27 фев. 2024
Источник: nvd
CVSS3: 6.6
CVSS3: 4.8
EPSS Низкий

Описание

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
Версия от 6.9.0 (включая) до 6.9.13 (исключая)
cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
Версия от 6.10.0 (включая) до 6.10.8 (исключая)
cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
Версия от 6.11.0 (включая) до 6.11.6 (включая)
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_4:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_6:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%
0.00041
Низкий

6.6 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-j6mw-3p6q-wxcc

CVSS3: 6.6
github
почти 2 года назад

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

EPSS

Процентиль: 12%
0.00041
Низкий

6.6 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79