CVE-2025-43484: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in HP Inc. Poly Clariti Manager
A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.
CVE-2025-43484: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in HP Inc. Poly Clariti Manager
Description
A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- hp
- Date Reserved
- 2025-04-16T15:25:24.712Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6880207ca915ff00f7fc9724
Added to database: 7/22/2025, 11:36:28 PM
Last updated: 7/22/2025, 11:36:28 PM
Views: 1
Related Threats
CVE-2025-43485: CWE-532 Insertion of Sensitive Information into Log File in HP Inc. Poly Clariti Manager
MediumCVE-2025-43483: CWE-321: Use of Hard-coded Cryptographic Key in HP Inc. Poly Clariti Manager
MediumCVE-2025-54139: CWE-1021: Improper Restriction of Rendered UI Layers or Frames in haxtheweb issues
MediumCVE-2025-43488: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in HP Inc. Poly Clariti Manager
LowCVE-2025-43487: CWE-250: Execution with Unnecessary Privileges in HP Inc. Poly Clariti Manager
MediumActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.