CVE-2013-4842

Published: Nov 18, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (8)

Products: Hp: Integrated Lights Out Firmware, Integrated Lights Out 4

2 products

Integrated Lights Out Firmware

Integrated Lights Out 4

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Hp Integrated Lights Out Firmware	Up to 1.27a
Hp Integrated Lights Out Firmware	Version 1.10
Hp Integrated Lights Out Firmware	Version 1.15
Hp Integrated Lights Out Firmware	Version 1.15a
Hp Integrated Lights Out Firmware	Version 1.16a
Hp Integrated Lights Out Firmware	Version 1.20a
Hp Integrated Lights Out Firmware	Version 1.26a
Hp Integrated Lights Out 4	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804

Source: hp-security-alert@hp.com

Vendor Advisory

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.