AirWave Management Platform Multiple Security Vulnerabilities

AirWave Management Platform is prone to the following multiple security issues:

1. Cross-site scripting vulnerability

2. An XML external entity injection vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary commands in the context of the application, gain elevated privileges or cause denial-of-service conditions.

All versions of AirWave prior to 8.2.3.1 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus