CVE-2024-41911

CVSS: 5.4 MEDIUM

📋 TL;DR

This vulnerability allows cross-site scripting (XSS) against the Poly Clariti Manager web interface. Input is not neutralized properly during web page generation, so an attacker can inject script that runs in the browser of any user who views the affected page, potentially compromising that user's session. Organizations running Poly Clariti Manager firmware up to and including version 10.10.2.2 are affected.

💻 Affected Systems

Products:
  • Poly Clariti Manager
Versions: Firmware builds up to 10.10.2.2
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected firmware versions are vulnerable. The vulnerability exists in web page generation functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, redirect users to malicious sites, or perform actions on behalf of authenticated users.

🟠 Likely Case

Attackers inject malicious JavaScript to steal session cookies or credentials from users accessing the management interface.

🟢 If Mitigated

With the patched firmware (which encodes output correctly) or with network restrictions and a Content Security Policy in place, injected input is rendered as text rather than executed; residual impact is limited to UI disruption without script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: Unknown
Unauthenticated Exploit: No
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity once the injection point is identified. Exploitation requires an authenticated user to interact with attacker-controlled content, for example by following a crafted link to the management interface or viewing a page into which the payload has been stored.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 10.10.2.3 or later

Vendor Advisory: https://support.hp.com/us-en/document/ish_11006770-11006795-16/hpsbpy03959

Restart Required: Yes

Instructions:

1. Download the latest firmware from the HP/Poly support portal.
2. Back up the current configuration.
3. Upload and install the firmware update via the web interface.
4. Reboot the device after installation completes.

🔧 Temporary Workarounds

Input Validation Filter (all platforms)

Implement web application firewall rules on a WAF or reverse proxy in front of the appliance to filter malicious script patterns in request parameters. Match on decoded values, since payloads are commonly URL-encoded (for example %3Cscript%3E for <script>), and treat this as a stopgap: filters can be bypassed and do not remove the underlying encoding bug.

Content Security Policy (all platforms)

Set a strict CSP header on the reverse proxy to limit what injected script can do (for example, blocking inline script and restricting script sources). Test the policy against the management UI first: if the device's own pages rely on inline scripts, a policy strict enough to block injected script may also break legitimate functionality.

🧯 If You Can't Patch

  • Restrict network access to Poly Clariti Manager to trusted IP addresses only
  • Implement strong authentication and monitor for suspicious activity in access logs

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under System > About. If version is 10.10.2.2 or earlier, the device is vulnerable.

Check Version:

No CLI command available. Check via web interface at System > About.

Verify Fix Applied:

Verify firmware version is 10.10.2.3 or later in System > About page.
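The version check above is done by eye in the web interface; when the same check is scripted across many devices (for example from an inventory export), a common mistake is to compare version strings lexicographically, which would classify "10.10.2.10" as older than "10.10.2.3". The following added example, which is not part of the advisory or of any Poly tooling, parses the version string as it appears on the About page (the exact label text is an assumption) and compares it numerically against the fixed version 10.10.2.3.

```python
import re

# Fixed version from the advisory: builds below this are vulnerable.
FIXED_VERSION = (10, 10, 2, 3)


def parse_version(text):
    """Extract a dotted version such as '10.10.2.2' from free text (for
    example the 'System > About' page contents) and return it as a tuple of
    ints. A trailing build tag like '-rc1' is ignored. Raises ValueError if
    no dotted version is present."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no firmware version found in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_vulnerable(text):
    """True if the firmware version found in `text` is older than the fix.
    Shorter versions are zero-padded so that '10.10.2' compares as
    10.10.2.0, and comparison is numeric per component, not string-based."""
    version = parse_version(text)
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION


if __name__ == "__main__":
    # Constructed sample About-page strings; the label format is assumed.
    for about in ("Firmware Version: 10.10.2.2",
                  "Firmware Version: 10.10.2.3",
                  "Firmware Version: 10.10.2.10"):
        state = "VULNERABLE" if is_vulnerable(about) else "fixed"
        print(f"{about} -> {state}")
```

Note that a plain string comparison ("10.10.2.10" < "10.10.2.3" is True in Python) would report the hypothetical 10.10.2.10 build as vulnerable; the numeric tuple comparison reports it as fixed.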

📡 Detection & Monitoring

Log Indicators:

  • Unusual input patterns in web server logs containing script tags or JavaScript

Network Indicators:

  • HTTP requests with suspicious parameters containing script elements

SIEM Query:

source="poly_clariti_logs" AND (http_uri="*<script*" OR http_uri="*javascript:*" OR http_uri="*onload=*" OR http_uri="*onerror=*" OR http_uri="*%3Cscript*" OR http_uri="*javascript%3A*" OR http_uri="*onerror%3D*")

This query only matches the request URI, so it sees reflected payloads delivered in GET parameters. Payloads sent in POST bodies, or encoded more than once, will not appear in the URI field; decode logged parameters before matching where the log pipeline allows it, and treat a hit as a trigger for investigating the source IP and the affected user session rather than as proof of compromise.
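As an added example, not part of the advisory, the detection logic behind the SIEM query applied offline to web server log lines. It parses combined-format access log lines, percent-decodes the URI repeatedly until it stops changing (so single- and double-encoded payloads are caught), and then matches the same script patterns the query looks for. The log format and the sample lines are constructed for the example; Poly Clariti Manager's actual log layout is not documented on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Apache/nginx "combined" style.
# These are NOT real Poly Clariti Manager logs; the layout is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Aug/2024:10:01:02 +0000] "GET /login.jsp?user=alice HTTP/1.1" 200 512
10.0.0.9 - - [12/Aug/2024:10:01:07 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1024
10.0.0.9 - - [12/Aug/2024:10:01:09 +0000] "GET /search?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 1024
10.0.0.9 - - [12/Aug/2024:10:01:11 +0000] "GET /help?topic=javascript%3Aalert(document.cookie) HTTP/1.1" 200 300
10.0.0.7 - bob [12/Aug/2024:10:02:00 +0000] "GET /devices?name=conference-room-3 HTTP/1.1" 200 2048
"""

# Combined log format: client, ident, user, [timestamp], "METHOD URI PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Same families of patterns as the SIEM query, matched case-insensitively
# against the decoded URI rather than the raw one.
XSS_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"<\s*script",
        r"javascript\s*:",
        r"on(?:load|error|mouseover|focus|click)\s*=",
        r"<\s*(?:img|svg|iframe|body)\b",
    )
]


def normalize(uri, rounds=3):
    """Percent-decode until the string stops changing (at most `rounds`
    times) so that double-encoded payloads such as %253C become '<'."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def scan_log(text):
    """Return one record per log line whose decoded URI matches any XSS
    pattern: client IP, logged user, decoded URI, and the patterns hit."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        uri = normalize(m.group("uri"))
        matched = [p.pattern for p in XSS_PATTERNS if p.search(uri)]
        if matched:
            hits.append({
                "ip": m.group("ip"),
                "user": m.group("user"),
                "uri": uri,
                "patterns": matched,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']:<10} {hit['user']:<6} {hit['uri']}  <- {hit['patterns']}")
```

The second sample line is double-encoded and would slip past a query that only looks for literal "<script" or even single-encoded "%3Cscript" in the raw URI; decoding to a fixed point before matching is what makes the three malicious lines show up while the two legitimate requests do not.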
