Severity by source
AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromise user data and potentially manipulate device configuration settings.
Analysis
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromise user data and potentially manipulate device configuration settings.
More in Arubaos Aos
View allA vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attack
A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remot
A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authentic
A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to t
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29734
GHSA-7qhm-2x69-v62m