CVE-2025-43484

Medium CVSS 6.0

Overview

A potential reflected cross-site scripting vulnerability has been
identified in the Poly Clariti Manager for versions prior to 10.12.1. The
website does not validate or sanitize the user input before rendering it in the
response. HP has addressed the issue in the latest software update.

CWE: CWE-79 Published: 2025-07-23T00:15:24.953

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.0 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags