N/A

Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface.

N/A

N/A

Airmagnet 多个跨站脚本攻击漏洞

AirMagnet Enterprise存在多个跨站脚本攻击(XSS)漏洞，远程攻击者可以通过(1)Smart Sensor Edge Sensor的404错误页；(2)由Smart Sensor Edge Sensor日志viewer在审计期刊查看界面(/AirMagnetSensor/AMSensor.dll/XH)内显示的失败登录的用户名；和(3)在企业服务器Web界面中企业服务器状态一览ACL页(/Amom/Amom.dll/BD) 内显示的AP的SSID，来注入任意Web脚本或HTML。

N/A

N/A