Cross-Site Scripting Vulnerability in HPE System Management Homepage for Windows and Linux
CVE-2017-12544

5.4MEDIUM

Key Information:

Vendor
HP
Status
System Management Homepage For Windows And Linux
Vendor
CVE Published:
15 February 2018

Summary

A cross-site scripting vulnerability exists in the HPE System Management Homepage for Windows and Linux, specifically in versions prior to v7.6.1. This issue allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or session hijacking. The vulnerability emphasizes the need for immediate updates to ensure system security and safeguard against unauthorized access.

Affected Version(s)

System Management Homepage for Windows and Linux prior to 7.6.1

References

http://www.securitytracker.com/id/1039437
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101029
vdb-entryx_refsource_BID
https://support.hpe.com/hpsc/doc/public/display?docId=emr...
x_refsource_CONFIRM

EPSS Score

95% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.