Date Found: 17th July 2007

Vendor informed: 23rd July 2007

Confirmed by vendor: 13th September 2007

Description:

Aruba 800 is vulnerable to a persistent XSS on the administrator login screen.

An unauthenticated user can re-write the hidden parameter 'url' by requesting a link under th...

[ more ]