A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
2024-02-27T22:15:15.723
2025-03-27T15:06:37.287
Analyzed
CVSSv3.1: 6.6 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | arubanetworks | clearpass_policy_manager | < 6.9.13 | Yes |
| Application | arubanetworks | clearpass_policy_manager | < 6.10.8 | Yes |
| Application | arubanetworks | clearpass_policy_manager | ≤ 6.11.6 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.9.13 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.9.13 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.9.13 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.9.13 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.10.8 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.10.8 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.10.8 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.10.8 | Yes |
| Application | arubanetworks | clearpass_policy_manager | 6.12.0 | Yes |