Cross-Site Scripting Vulnerability in HPE Operations Manager
CVE-2016-4380

5.4MEDIUM

Key Information:

Vendor

HP
Status
Operations Manager
Vendor
CVE Published:
8 September 2016

What is CVE-2016-4380?

An XSS vulnerability exists in HPE Operations Manager's AdminUI, permitting remote authenticated users to inject arbitrary web scripts or HTML. This can lead to the execution of malicious scripts in the context of the user's browser, potentially compromising sensitive data and overall security.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036716
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/92698
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.