CVE-2025-43486

Medium CVSS 5.7

Overview

A potential stored cross-site scripting vulnerability has been
identified in the Poly Clariti Manager for versions prior to 10.12.1. The
website allows user input to be stored and rendered without proper
sanitization. HP has addressed the issue in the latest software update.

CWE: CWE-79 Published: 2025-07-23T00:15:25.213

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.7 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags