Cross-site scripting in ClearPass Policy Manager - CVE-2024-26300

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Guest interface. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Remediation

External links

• https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt