Vulnerabilities > Arubanetworks > Edgeconnect SD WAN Orchestrator > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2023-37421 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37422 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37423 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 5.4 |
| 2023-08-22 | CVE-2023-37425 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. | 6.1 |
| 2023-08-22 | CVE-2023-37435 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.5 |
| 2023-08-22 | CVE-2023-37436 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.5 |
| 2023-08-22 | CVE-2023-37437 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.5 |
| 2023-08-22 | CVE-2023-37438 | SQL Injection vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.5 |
| 2023-08-22 | CVE-2023-37439 | Cross-site Scripting vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator 9.3.0 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. | 6.1 |
| 2023-08-22 | CVE-2023-37440 | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. | 5.3 |