CVE-2025-43484

A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hp:poly_clariti_manager:*:*:*:*:*:*:*:*

History

02 Oct 2025, 17:43

Type Values Removed Values Added
References () https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037 - () https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037 - Vendor Advisory
CPE cpe:2.3:a:hp:poly_clariti_manager:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Hp
Hp poly Clariti Manager

25 Jul 2025, 15:29

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una posible vulnerabilidad de cross-site scripting reflejado en Poly Clariti Manager para versiones anteriores a la 10.12.1. El sitio web no valida ni depura la entrada del usuario antes de mostrarla en la respuesta. HP ha solucionado el problema en la última actualización de software.

23 Jul 2025, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-23 00:15

Updated : 2025-10-02 17:43


NVD link : CVE-2025-43484

Mitre link : CVE-2025-43484

CVE.ORG link : CVE-2025-43484


JSON object : View

Products Affected

hp

  • poly_clariti_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')