Vigil@nce - ArubaOS: Cross Site Scripting of WebUI
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a malicious Wi-Fi access point to trigger a
Cross Site Scripting in the WebUI interface of ArubaOS.
Impacted products: ArubaOS
Severity: 2/4
Creation date: 19/03/2013
DESCRIPTION OF THE VULNERABILITY
A Wi-Fi access point broadcasts its SSID (Service Set Identifier).
The dashboard of the ArubaOS WebUI lists SSIDs. However, the
received SSIDs are not filtered before being inserted in the
generated HTML page.
An attacker can therefore use a malicious Wi-Fi access point to
trigger a Cross Site Scripting in the WebUI interface of ArubaOS.
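The class of flaw described above, shown as an added example that is not ArubaOS or Vigil@nce code: a dashboard row built from an SSID as received, next to a version that treats the SSID as untrusted bytes and escapes it for HTML. All function names and the sample SSIDs are constructed for illustration.

```python
import html

MAX_SSID_LEN = 32  # IEEE 802.11 limits the SSID element to 32 octets


def ssid_to_text(raw: bytes) -> str:
    """Turn an SSID received over the air into displayable text.

    An SSID is an arbitrary octet string chosen by whoever runs the
    access point. It is not guaranteed to be valid UTF-8, so invalid
    bytes and non-printable characters are shown as escape sequences.
    """
    raw = raw[:MAX_SSID_LEN]
    text = raw.decode("utf-8", errors="backslashreplace")
    return "".join(
        ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
        for ch in text
    )


def render_row_unfiltered(raw: bytes) -> str:
    # Pattern the bulletin describes: the received SSID goes into the
    # generated page as-is, so any markup in it becomes part of the page.
    return "<tr><td>" + raw.decode("latin-1") + "</td></tr>"


def render_row_escaped(raw: bytes) -> str:
    # Hardened form: normalise the bytes, then escape for the HTML text
    # context. quote=True also escapes " and ' for attribute contexts.
    return "<tr><td>" + html.escape(ssid_to_text(raw), quote=True) + "</td></tr>"


# Constructed sample SSIDs (not taken from the bulletin).
CONSTRUCTED_SSIDS = [
    b"CorpNet",
    b"<b>guest</b>",          # markup characters
    b"a\"&'b",                # quotes and ampersand
    b"caf\xc3\xa9\x00\xff",   # UTF-8, a NUL byte and an invalid byte
]

if __name__ == "__main__":
    for ssid in CONSTRUCTED_SSIDS:
        print("unfiltered:", repr(render_row_unfiltered(ssid)))
        print("escaped:   ", repr(render_row_escaped(ssid)))
```

Escaping belongs at the point where the value is written into the page, since the same SSID may also be placed in attributes, JavaScript or JSON, each of which needs its own context-specific encoding.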
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ArubaOS-Cross-Site-Scripting-of-WebUI-12543