Cross-Site Scripting Vulnerability in HPE Network Node Manager i
CVE-2016-2011

5.4MEDIUM

Key Information:

Vendor: HP
Status: Network Node Manager I
Vendor: CVE Published:; 7 May 2016

Summary

The HPE Network Node Manager i is susceptible to a cross-site scripting (XSS) vulnerability allowing remote authenticated users to inject arbitrary web scripts or HTML code through unspecified vectors. This exploitation may enable attackers to manipulate the web application environment, potentially compromising user sessions or exposing sensitive information. It is crucial for users and administrators of affected versions to assess their security posture and implement necessary updates.

References

http://www.securitytracker.com/id/1035767

vdb-entryx_refsource_SECTRACK

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 7, 2016
Vulnerability Reserved
Jan 22, 2016