CVE-2025-43486 | THREATINT

Description

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-22 | Updated 2025-07-23 | Assigner hp

MEDIUM: 5.7CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unknown

See HP Security Bulletin reference for affected versions.

affected

References

support.hp.com/...ument/ish_12781425-12781447-16/hbsbpy04037

cve.org (CVE-2025-43486)

nvd.nist.gov (CVE-2025-43486)

Download JSON