Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-3994

Summary
Assigner-hp
Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At-28 Oct, 2010 | 19:00
Updated At-07 Aug, 2024 | 03:26
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hp
Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At:28 Oct, 2010 | 19:00
Updated At:07 Aug, 2024 | 03:26
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/41998
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=128811016023086&w=2
vendor-advisory
x_refsource_HP
http://securitytracker.com/id?1024644
vdb-entry
x_refsource_SECTRACK
http://osvdb.org/68907
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/bid/44431
vdb-entry
x_refsource_BID
http://marc.info/?l=bugtraq&m=128811016023086&w=2
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/41998
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=128811016023086&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://securitytracker.com/id?1024644
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://osvdb.org/68907
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/bid/44431
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://marc.info/?l=bugtraq&m=128811016023086&w=2
Resource:
vendor-advisory
x_refsource_HP
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/41998
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=128811016023086&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://securitytracker.com/id?1024644
vdb-entry
x_refsource_SECTRACK
x_transferred
http://osvdb.org/68907
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/bid/44431
vdb-entry
x_refsource_BID
x_transferred
http://marc.info/?l=bugtraq&m=128811016023086&w=2
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/41998
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=128811016023086&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://securitytracker.com/id?1024644
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://osvdb.org/68907
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/44431
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=128811016023086&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:hp-security-alert@hp.com
Published At:28 Oct, 2010 | 20:00
Updated At:11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
HP Inc.
hp
>>hp>>version_control_repository_manager
cpe:2.3:a:hp:hp:version_control_repository_manager:6.0:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>Versions up to 6.1.2(inclusive)
cpe:2.3:a:hp:version_control_repository_manager:*:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>1.0.1288.1
cpe:2.3:a:hp:version_control_repository_manager:1.0.1288.1:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>1.0.2241.0
cpe:2.3:a:hp:version_control_repository_manager:1.0.2241.0:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>1.0.2289.0
cpe:2.3:a:hp:version_control_repository_manager:1.0.2289.0:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>1.0.2345.0
cpe:2.3:a:hp:version_control_repository_manager:1.0.2345.0:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>1.0.3085.0
cpe:2.3:a:hp:version_control_repository_manager:1.0.3085.0:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>1.0.3086.0
cpe:2.3:a:hp:version_control_repository_manager:1.0.3086.0:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>2.0.0.50
cpe:2.3:a:hp:version_control_repository_manager:2.0.0.50:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>2.0.1.30
cpe:2.3:a:hp:version_control_repository_manager:2.0.1.30:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>2.1.1.710
cpe:2.3:a:hp:version_control_repository_manager:2.1.1.710:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>2.1.1.720
cpe:2.3:a:hp:version_control_repository_manager:2.1.1.720:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>6.0.1
cpe:2.3:a:hp:version_control_repository_manager:6.0.1:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>6.0.2
cpe:2.3:a:hp:version_control_repository_manager:6.0.2:*:*:*:*:*:*:*
HP Inc.
hp
>>version_control_repository_manager>>6.1
cpe:2.3:a:hp:version_control_repository_manager:6.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=128811016023086&w=2hp-security-alert@hp.com
Vendor Advisory
http://marc.info/?l=bugtraq&m=128811016023086&w=2hp-security-alert@hp.com
Vendor Advisory
http://osvdb.org/68907hp-security-alert@hp.com
N/A
http://secunia.com/advisories/41998hp-security-alert@hp.com
Vendor Advisory
http://securitytracker.com/id?1024644hp-security-alert@hp.com
N/A
http://www.securityfocus.com/bid/44431hp-security-alert@hp.com
N/A
http://marc.info/?l=bugtraq&m=128811016023086&w=2af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://marc.info/?l=bugtraq&m=128811016023086&w=2af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://osvdb.org/68907af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/41998af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1024644af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/44431af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=128811016023086&w=2
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=128811016023086&w=2
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory
Hyperlink: http://osvdb.org/68907
Source: hp-security-alert@hp.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/41998
Source: hp-security-alert@hp.com
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1024644
Source: hp-security-alert@hp.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/44431
Source: hp-security-alert@hp.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=128811016023086&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=128811016023086&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://osvdb.org/68907
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/41998
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1024644
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/44431
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12312Records found
CVE-2019-5401
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 21:21
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.

Action-Not Available
Vendor-HPHP Inc.
Product-hp2910al-48g_firmwarehp2910al-48gHP 2910-48G al Switch
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6332
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 46.44%
||
7 Day CHG~0.00%
Published-09 Jan, 2020 | 18:23
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A.

Action-Not Available
Vendor-HP Inc.
Product-envy_photo_6200_y0k15aink_tank_wireless_410_z6z95a_firmwaredeskjet_ink_advantage_5200_m2u78b_firmwareenvy_photo_7100_k7g99aenvy_photo_6200_y0k13d__firmwareenvy_5000_m2u85b_firmwaredeskjet_ink_advantage_2600_y5z00aenvy_5000_z4a74aofficejet_5200_m2u75a_firmwaredeskjet_ink_advantage_5000_m2u86aofficejet_5200_z4b12aenvy_5000_m2u85adeskjet_ink_advantage_2600_v1n02a_firmwaredeskjet_ink_advantage_2600_v1n02benvy_photo_7100_3xd89aenvy_photo_7800_k7s00a_firmwareenvy_5000_m2u85a_firmwaredeskjet_2600_y5h60aenvy_photo_7800_k7r96a_firmwareenvy_photo_7100_k7g99a_firmwareink_tank_wireless_410_z4b55asmart_tank_wireless_450_z6z96a_firmwareenvy_photo_7100_k7g93a_firmwareink_tank_wireless_410_z7a01a_firmwaredeskjet_2600_v1n01a_firmwareenvy_5000_m2u94bofficejet_5200_m2u84b_firmwareink_tank_wireless_410_z4b53a_firmwareenvy_photo_6200_k7s21bdeskjet_ink_advantage_2600_y5z04bdeskjet_ink_advantage_5200_m2u78bofficejet_5200_z4b27a_firmwaredeskjet_ink_advantage_2600_y5z00a_firmwareenvy_photo_6200_k7g26b_firmwareink_tank_wireless_410_z4b53adeskjet_2600_v1n08adeskjet_ink_advantage_5000_m2u86a_firmwareofficejet_5200_z4b29aenvy_photo_7100_3xd89a_firmwareenvy_5000_z4a74a_firmwareenvy_5000_m2u91adeskjet_ink_advantage_2600_v1n02b_firmwareink_tank_wireless_410_4yf79aofficejet_5200_z4b27aenvy_photo_6200_y0k13d_officejet_5200_z4b14a_firmwareink_tank_wireless_410_z6z95aofficejet_5200_m2u84bdeskjet_2600_v1n01aink_tank_wireless_410_z4b55a_firmwareenvy_photo_6200_k7s21b_firmwaredeskjet_2600_y5h80aofficejet_5200_z4b12a_firmwaresmart_tank_wireless_450_z6z96adeskjet_2600_4uj28bdeskjet_2600_v1n08a_firmwareenvy_5000_m2u94b_firmwaredeskjet_2600_4uj28b_firmwareenvy_photo_7100_z3m52aenvy_photo_7800_y0g52b_firmwareenvy_photo_7800_y0g52bofficejet_5200_m2u81aenvy_photo_6200_y0k15a_firmwaredeskjet_2600_y5h80a_firmwareenvy_photo_7800_y0g42dsmart_tank_wireless_450_z4b56a_firmwaresmart_tank_wireless_450_z6z98a_firmwareink_tank_wireless_410_z6z99adeskjet_ink_advantage_2600_v1n02aenvy_photo_6200_k7g18adeskjet_ink_advantage_5200_m2u76a_firmwareink_tank_wireless_410_4dx95aenvy_photo_7800_y0g42d_firmwaresmart_tank_wireless_450_z6z98aenvy_photo_7100_z3m37adeskjet_2600_y5h60a_firmwareenvy_photo_7100_k7g93aenvy_photo_7800_k7r96aink_tank_wireless_410_4dx94adeskjet_ink_advantage_5200_m2u76a_ink_tank_wireless_410_4yf79a_firmwareenvy_photo_6200_k7g26bofficejet_5200_m2u81a_firmwareink_tank_wireless_410_4dx95a_firmwareofficejet_5200_z4b14adeskjet_ink_advantage_5000_m2u89b_firmwareenvy_5000_m2u85benvy_photo_6200_k7g18a_firmwaresmart_tank_wireless_450_z4b56aink_tank_wireless_410_z7a01aofficejet_5200_m2u75aink_tank_wireless_410_z6z99a_firmwareenvy_photo_7100_z3m52a_firmwareink_tank_wireless_410_4dx94a_firmwareenvy_photo_7800_k7s10d_firmwareenvy_photo_7100_z3m37a_firmwareenvy_5000_m2u91a_firmwareenvy_photo_7800_k7s10denvy_5000_z4a54a_firmwareenvy_photo_7800_k7s00adeskjet_ink_advantage_5000_m2u89benvy_5000_z4a54aofficejet_5200_z4b29a_firmwaredeskjet_ink_advantage_2600_y5z04b_firmwareHP ENVY Photo 7800 All-in-One Printer seriesHP DeskJet Ink Advantage 2600 All-in-One Printer seriesHP ENVY 5000 All-in-One Printer seriesHP DeskJet Ink Advantage 5000 All-in-One Printer seriesHP ENVY Photo 7100 All-in-One Printer seriesHP Ink Tank Wireless 410 seriesHP DeskJet 2600 All-in-One Printer seriesHP OfficeJet 5200 All-in-One Printer seriesHP Smart Tank Wireless 450 seriesHP ENVY Photo 6200 All-in-One Printer seriesHP DeskJet Ink Advantage 5200 All-in-One Printer series
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-5397
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.4||CRITICAL
EPSS-1.28% / 78.78%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 17:01
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_service_processor_firmware3par_service_processorHPE 3PAR Service Processor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-5398
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.32% / 54.02%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 17:03
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_service_processor_firmware3par_service_processorHPE 3PAR Service Processor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28083
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.3||HIGH
EPSS-0.17% / 38.43%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 12:34
Updated-26 Feb, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential Cross-Site scripting vulnerability in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4).

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.
Product-proliant_ml350e_gen8_serverproliant_dl560_gen10_serverproliant_ml350p_gen8_serverapollo_r2600_gen10proliant_ml350_gen10_serverproliant_dl325_gen11_serverstoreeasy_1540_storageproliant_dl360p_gen8_serverproliant_dl80_gen9_serverproliant_ml310e_gen8_v2_serverapollo_6500_gen10_systemapollo_4200_gen10_serverproliant_dl385p_gen8_\(amd\)proliant_xl270d_gen9_special_serverproliant_xl290n_gen10_plus_serversynergy_620_gen9_compute_modulestoreeasy_1550_storagestoreeasy_1650_storageproliant_dl380p_gen8_serverproliant_dl20_gen10_serverstoreeasy_1860_performance_storagestorage_file_controllerproliant_dl360_gen10_plus_serverproliant_bl465c_gen8_server_bladeproliant_bl460c_gen9_server_bladeproliant_xl250a_gen9_serverproliant_dl325_gen10_plus_serverproliant_bl660c_gen9_serverproliant_dl385_gen10_plus_serverproliant_dl365_gen11_serverintegrated_lights-out_4proliant_dx190r_gen10_serverproliant_xl225n_gen10_plus_1u_nodeproliant_ml310e_gen8_serverstoreeasy_3850_gateway_storageproliant_xl230b_gen9_serverstoreeasy_3840_gateway_storage_bladeproliant_dx325_gen10_plus_v2_serverproliant_dl60_gen9_serverproliant_ml110_gen10_serverproliant_dl580_gen8_serverproliant_dx385_gen10_plus_v2_serverproliant_ml350_gen11_serverstoreeasy_3850_gateway_storage_bladestoreeasy_1460_storageapollo_n2600_gen10_plusproliant_xl230a_gen9_serverintegrated_lights-out_6storeeasy_3840_gateway_storagestoreeasy_1630_storagesynergy_660_gen10_compute_moduleedgeline_e920d_server_bladeproliant_dl320e_gen8_serverproliant_dl345_gen11_serverproliant_dx385_gen10_plus_serverproliant_sl250s_gen8_serverproliant_dx4200_gen10_serverproliant_dl380_gen11_serverproliant_xl170r_gen9_serverstoreeasy_1450_storageproliant_microserver_gen8proliant_xl730f_gen9_serverstoreeasy_1430_storageproliant_ml350_gen9_serverstoreeasy_1830_storageproliant_xl220n_gen10_plus_serverapollo_4200_gen10_plus_systemproliant_dl365_gen10_plus_serverstoreeasy_1860_storageproliant_xl270d_gen10_serverproliant_dl385_gen10_plus_v2_serverproliant_dl380_gen9_serverstorevirtual_3000_file_controllerproliant_xl450_gen9_serversynergy_480_gen9_compute_moduleapollo_6500_gen10_plus_systemstoreeasy_1530_storageproliant_bl420c_gen8_serverproliant_dl385_gen11_serverapollo_r2800_gen10edgeline_e920t_server_bladeproliant_dl180_gen10_serverproliant_ws460c_gen8_graphics_server_bladeproliant_bl460c_gen8_server_bladestoreeasy_1850_storageproliant_dl580_gen10_serverproliant_xl220a_gen8_v2_serverstoreeasy_3830_gateway_storageproliant_ml30_gen10_plus_serverstoreeasy_1660_performance_storagestoreeasy_1440_storageproliant_dl180_gen9_serverproliant_xl170r_gen10_serverstoreeasy_1660_expanded_storageproliant_dl580_gen9_serverproliant_dx360_gen10_serverproliant_xl190r_gen9_serverproliant_dl560_gen9_serverproliant_dl360_gen11_serverproliant_xl740f_gen9_serverproliant_dl360_gen9_serverproliant_dx220n_gen10_plus_serverproliant_dx360_gen10_plus_serverproliant_sl270s_gen8_serverproliant_dl320_gen11_serverproliant_ml30_gen9_serverproliant_dl345_gen10_plus_serverproliant_dl560_gen8_serverproliant_dx380_gen10_serverproliant_e910t_server_bladeproliant_e910_server_bladeproliant_dl360_gen10_serverapollo_r2200_gen10synergy_680_gen9_compute_moduleproliant_xl450_gen10_serverproliant_xl645d_gen10_plus_serverstorage_performance_file_controllerproliant_dl20_gen10_plus_serverproliant_xl230k_gen10_serverapollo_n2800_gen10_plusproliant_dl325_gen10_serversynergy_660_gen9_compute_moduleproliant_dl320e_gen8_v2_serversynergy_480_gen10_plus_compute_moduleproliant_xl675d_gen10_plus_serverproliant_dl160_gen9_serverproliant_dl20_gen9_serverstoreeasy_1640_storageproliant_sl230s_gen8_serverproliant_dl380_gen10_serverproliant_sl270s_gen8_se_serverstoreeasy_1840_storageproliant_xl190r_gen10_serverproliant_dl120_gen9_serverstoreeasy_1650_expanded_storageintegrated_lights-out_5proliant_dx380_gen10_plus_serverproliant_dl360e_gen8_serverapollo_4510_gen10_systemstoreeasy_3850_gateway_single_node_upgradeproliant_xl750f_gen9_serverproliant_dl160_gen8_serverproliant_dl380e_gen8_serverproliant_dl385_gen10_serverproliant_ws460c_gen9_graphics_server_bladeproliant_bl460c_gen10_server_bladeproliant_dx170r_gen10_serverproliant_dx560_gen10_serversynergy_480_gen10_compute_moduleedgeline_e920_server_bladeproliant_ml110_gen9_serverproliant_dl120_gen10_serverstoreeasy_1660_storageapollo_4200_gen9_serverproliant_bl660c_gen8_server_bladeproliant_ml350e_gen8_v2_serverproliant_dl160_gen10_serverapollo_r2000_chassisproliant_dl380_gen10_plus_serverstoreeasy_1560_storageproliant_sl210t_gen8_serverstoreeasy_3830_gateway_storage_bladeIntegrated Lights-Out
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-5403
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 54.77%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 17:29
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-3par_storeserv_management_consoleHPE 3PAR StoreServ Management and Core Software Media
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22477
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.00%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5827
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 50.85%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross site scripting vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-aruba_clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-26283
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.23%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 21:35
Updated-25 Feb, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server cross-site scripting

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationHP Inc.Oracle CorporationIBM Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46846
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.4||MEDIUM
EPSS-0.14% / 34.38%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 16:06
Updated-02 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.
Product-proliant_ml350_gen10_serverproliant_xl190r_gen10_serverproliant_xl290n_gen10_plus_serverstoreeasy_1460_storagestoreeasy_1660_expanded_storageproliant_e910_server_bladeproliant_xl170r_gen10_serverproliant_xl270d_gen10_serverstoreeasy_1560_storageapollo_6500_gen10_plus_system3par_service_processorproliant_dl380_gen10_serverapollo_4200_gen10_serverproliant_ml110_gen10_serverapollo_4510_gen10_systemproliant_dl325_gen10_serverintegrated_lights-out_5_firmwareproliant_e910t_server_bladeproliant_xl645d_gen10_plus_serverproliant_xl450_gen10_serverproliant_dx385_gen10_plus_serverproliant_dl580_gen10_serverstoreeasy_1660_storagestoreeasy_1860_storageproliant_dl120_gen10_serverapollo_2000_gen10_plus_systemproliant_microserver_gen10proliant_dl325_gen10_plus_serverproliant_m750_server_bladeproliant_xl675d_gen10_plus_serverproliant_dl160_gen10_serverproliant_ml30_gen10_serverproliant_xl220n_gen10_plus_serverproliant_dl560_gen10_serverproliant_bl460c_gen10_server_bladestorage_file_controllerproliant_microserver_gen10_plusproliant_dl20_gen10_serverproliant_dl180_gen10_serverproliant_dl385_gen10_serverproliant_dl385_gen10_plus_serverproliant_xl230k_gen10_serverapollo_r2000_chassisproliant_dl360_gen10_serverintegrated_lights-out_5HPE Integrated Lights-Out 5
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3441
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 45.12%
||
7 Day CHG~0.00%
Published-29 Oct, 2021 | 11:34
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).

Action-Not Available
Vendor-n/aHP Inc.
Product-officejet_7110_firmwareofficejet_7110HP OfficeJet 7110 Wide Format ePrinter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14359
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-03 Nov, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MFSBGN03788 rev.1 - HPE Performance Center, Remote Cross-Site Scripting (XSS)

A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.

Action-Not Available
Vendor-Micro Focus International LimitedHP Inc.
Product-performance_centerHPE Performance Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-33846
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.29%
||
7 Day CHG~0.00%
Published-08 Jun, 2023 | 00:39
Updated-06 Jan, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX cross-site scripting

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.

Action-Not Available
Vendor-HP Inc.IBM CorporationLinux Kernel Organization, Inc
Product-linux_kerneltxseries_for_multiplatformcics_txhp-uxaixCICS TX AdvancedCICS TX StandardTXSeries for Multiplatforms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29201
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.12% / 31.80%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 13:24
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5proliant_dl160_gen10_serversimplivity_380_gen9simplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29204
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 13:37
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29206
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.12% / 31.80%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 13:53
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29211
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 14:11
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29205
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 13:37
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29208
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.31%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 14:32
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-29207
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 13:53
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3662
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 51.39%
||
7 Day CHG~0.00%
Published-29 Oct, 2021 | 11:32
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).

Action-Not Available
Vendor-n/aHP Inc.
Product-futuresmart_5futuresmart_4HP Enterprise LaserJet MFP; HP Enterprise PageWide MFPs; HP Digital Sender
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5447
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.79%
||
7 Day CHG~0.00%
Published-05 Jan, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-storeonce_backup_system_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-8532
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 52.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-matrix_operating_environmentMatrix Operating Environment
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-8522
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.33%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-diagnosticsDiagnostics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4400
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 53.47%
||
7 Day CHG-0.05%
Published-06 Aug, 2018 | 20:00
Updated-06 Aug, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-network_node_manager_iHP Network Node Manager (NNMi)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4380
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.17%
||
7 Day CHG~0.00%
Published-08 Sep, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4399
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.33%
||
7 Day CHG-0.04%
Published-06 Aug, 2018 | 20:00
Updated-06 Aug, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-network_node_manager_iHP Network Node Manager (NNMi)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4392
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 50.33%
||
7 Day CHG-0.04%
Published-06 Aug, 2018 | 20:00
Updated-06 Aug, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-business_service_managementHP Business Service Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4393
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 48.25%
||
7 Day CHG~0.00%
Published-28 Oct, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)HP Inc.
Product-system_management_homepageHPE System Management Homepage before v7.6
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2010
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.58%
||
7 Day CHG~0.00%
Published-07 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_manager_in/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2011
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.58%
||
7 Day CHG~0.00%
Published-07 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_node_manager_in/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11982
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.3||HIGH
EPSS-0.72% / 71.55%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 16:35
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote cross site scripting vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than v2.61b for Gen9 servers and Integrated Lights-Out 5 (iLO 5) for Gen10 Servers earlier than version v1.39.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_ml30_gen9proliant_ml350_gen9proliant_xl190r_gen9proliant_dl120_gen10integrated_lights-out_4_firmwareproliant_xl250a_gen9proliant_xl190r_gen10proliant_xl750f_gen9proliant_ml10_gen9proliant_dl360_gen10proliant_dl180_gen9proliant_dl385_gen10proliant_dl380_gen10proliant_xl230k_gen10proliant_xl230a_gen9proliant_xl740f_gen9proliant_dl325_gen10proliant_dl560_gen10proliant_bl460c_gen9proliant_dl160_gen10proliant_dl580_gen9integrated_lights-out_5_firmwareproliant_dl20_gen10proliant_dl580_gen10proliant_xl450_gen10proliant_ml110_gen10proliant_xl170r_gen10proliant_dl380_gen9proliant_ml110_gen9proliant_ml350_gen10proliant_dl180_gen10proliant_dl360_gen9proliant_dl120_gen9proliant_xl170r_gen9proliant_ml150_gen9proliant_bl460c_gen10proliant_xl730f_gen9proliant_microserver_gen10proliant_ws460c_gen9HPE iLO4 and HPE iLO5
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-45071
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 35.48%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 16:20
Updated-21 Oct, 2024 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server cross-site scripting

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-45073
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.10% / 27.51%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 22:00
Updated-07 Jan, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server cross-site scripting

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverhp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11656
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.35%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 19:16
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

Action-Not Available
Vendor-n/aHP Inc.
Product-arcsight_loggerArcSight Logger.
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41911
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.34%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 14:07
Updated-28 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.

Action-Not Available
Vendor-HP Inc.
Product-poly_clariti_manager_firmwarepoly_clariti_managerPoly Clariti Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41910
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 33.12%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 14:05
Updated-14 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.

Action-Not Available
Vendor-HP Inc.
Product-poly_clariti_manager_firmwarepoly_clariti_managerPoly Clariti Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39035
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.89%
||
7 Day CHG-0.09%
Published-16 Aug, 2022 | 18:45
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213965.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelhp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29209
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.31%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 14:32
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-29210
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.31%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 14:11
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78.

Action-Not Available
Vendor-n/aHP Inc.
Product-proliant_dl360_gen10_serverproliant_dl325_gen10_plus_serverproliant_dl385_gen10_serverproliant_dl580_gen10_serverproliant_dl560_gen10_serverproliant_xl270d_gen10_serverproliant_bl460c_gen10_server_bladesimplivity_2600proliant_dl385_gen10_plus_serverintegrated_lights-out_4proliant_xl170r_gen10_serverproliant_ml350_gen10_serverproliant_dl120_gen10_serverproliant_dl380_gen10_serverproliant_xl450_gen10_serversimplivity_380_gen10_gproliant_ml30_gen10_serverproliant_xl230k_gen10_serverproliant_xl190r_gen10_serverproliant_ml110_gen10_serverintegrated_lights-out_5simplivity_380_gen9proliant_dl160_gen10_serversimplivity_380_gen10proliant_dl180_gen10_serverproliant_dl325_gen10_serverproliant_dl20_gen10_serversimplivity_325simplivity_380_gen10_hHPE Integrated Lights-Out 4 (iLO 4) For HPE Gen9 servers; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2013-6196
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-3.5||LOW
EPSS-0.33% / 55.30%
||
7 Day CHG~0.00%
Published-21 Dec, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-autonomy_ultraseekn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-20562
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.71% / 71.46%
||
7 Day CHG~0.00%
Published-27 Jul, 2021 | 11:25
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6324
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 54.76%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 15:55
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in wireless configuration page

Action-Not Available
Vendor-n/aHP Inc.
Product-y5s53a_firmwaret6b83aw2g54a_firmwarey5s55aw2g54ay5s50a_firmwaret6b80at6b82a_firmwarey5s54ay5s54a_firmwaret6b83a_firmwaret6b80a_firmwarew2g55a_firmwarey5s50at6b82aw2g55ay5s53ay5s55a_firmwaret6b81a_firmwaret6b81aHP Color LaserJet Pro M280-M281 Multifunction Printer series; HP LaserJet Pro MFP M28-M31 Printer series
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5800
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.41%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Bridge Analytics version v3.0 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-operations_bridge_analyticsOperations Bridge Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-19877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-6.69% / 90.86%
||
7 Day CHG~0.00%
Published-05 Dec, 2018 | 21:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.

Action-Not Available
Vendor-adisconn/a
Product-loganalyzern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.64%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.

Action-Not Available
Vendor-igcbn/a
Product-intellect_digital_coren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-30.35% / 96.53%
||
7 Day CHG~0.00%
Published-01 Jan, 2021 | 18:14
Updated-03 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.

Action-Not Available
Vendor-seopaneln/a
Product-seo_paneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22813
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 73.34%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)

Action-Not Available
Vendor-n/a
Product-single-phase_symmetragalaxy_g9kchupdpm138h-5upd60f6fk1pdpm277hpd40e5ek20-mpd40l6fk1-msymmetra_px_20galaxy_gvmsapd60g6fk1gutor_gvxgalaxy_3500network_management_card_2_firmwarepdpm150g6fpdrppnx10pdpb150g6fpmm500-alaxgutor_sxwpdpm150l6fpdpm175g6hapc_rack_power_distribution_unitspd60l6fk1pdpm288g6hnetwork_management_card_3pdpm138h-rpdrppnx10mpd40f6fk1-mrack_automatic_transfer_switchessmart-upspd40h5ek20-mnetwork_management_card_2symmetra_px_160pmm400-alaxsymmetra_px_40symmetra_px_48netbotz_nbrk0250pmm400-alagalaxy_g7xnetwork_management_card_3_firmwarepdpm144fpmm400-cubgalaxy_gfcgalaxy_rpp_grppip2x84ap9922_battery_management_systemsymmetra_px_100symmetra_px_500galaxy_gcxsagalaxy_gvxtssymmetra_px_250symmetra_px_96pmm500-cubpd40g6fk1-mgalaxy_gvmtspmm500-alapdpm72f-5un/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-19926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.16% / 37.50%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.

Action-Not Available
Vendor-zeniteln/a
Product-ip-stationweb_firmwareip-stationwebn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-19493
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.72%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 14:44
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 246
  • 247
  • Next
Details not found