Cross-Site Scripting Vulnerability in HPE System Management Homepage
CVE-2016-4393

5.4MEDIUM

Key Information:

Vendor
HP
Status
HP System Management Homepage Before V7.6
Vendor
CVE Published:
28 October 2016

Summary

The HPE System Management Homepage prior to version 7.6 is prone to a cross-site scripting vulnerability that allows remote authenticated attackers to gain unauthorized access to sensitive information. The vulnerability arises from improper handling of user inputs, which can be exploited to inject malicious scripts. If successfully exploited, this could lead to information disclosure or further exploitation within the application environment.

Affected Version(s)

HPE System Management Homepage before v7.6 HPE System Management Homepage before v7.6

References

http://www.securityfocus.com/bid/93961
vdb-entryx_refsource_BID
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.