CVE-2025-43484 | THREATINT

Description

A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-22 | Updated 2025-07-23 | Assigner hp

MEDIUM: 6.0CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unknown

See HP Security Bulletin reference for affected versions.

affected

References

support.hp.com/...ument/ish_12781425-12781447-16/hbsbpy04037

cve.org (CVE-2025-43484)

nvd.nist.gov (CVE-2025-43484)

Download JSON