Error in SSID Processing allows Stored XSS in Web Management...

8.8 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromise user data and potentially manipulate device configuration settings.

Basic Information

ID CVE-2026-23819

Source hpe

Published May 12, 2026 at 18:31

Modified May 12, 2026 at 19:31

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product ArubaOS (AOS)

Version 10.8.0.0

Affected Versions Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.8.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.7.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.4.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.13.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.12.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.10.0.0

CWE Classification

CWE-79

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to compromise user data and potentially manipulate device configuration settings.",
    "published": "2026-05-12T18:31:33.726Z",
    "modified": "2026-05-12T19:31:00.149Z",
    "type": "cve",
    "title": "Error in SSID Processing allows Stored XSS in Web Management Interface",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05049en_us&docLocale=en_US",
    "id": "CVE-2026-23819",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.8.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.7.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.4.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.13.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.12.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.10.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ArubaOS (AOS)",
    "version": "10.8.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Error in SSID Processing allows Stored XSS in Web Management Interface_CVE-2026-23819