Unrated severityNVD Advisory· Published Nov 20, 2007· Updated Jun 16, 2026
CVE-2007-6054
CVE-2007-6054
Description
Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:h:aruba_networks:mc-800:*:*:2.4.8.6-fips:*:*:*:*:*+ 1 more
- cpe:2.3:h:aruba_networks:mc-800:*:*:2.4.8.6-fips:*:*:*:*:*
- cpe:2.3:h:aruba_networks:mc-800:*:*:firmware_2.5.4.18:*:*:*:*:*
- Range: <=2.5.4.18, <=2.4.8.6-FIPS
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.