← Back

CVE-2018-7117

nvd nist
Published: Apr 9, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40.

Affected (1)

Hp
1 product
Integrated Lights Out 5 Firmware
Configuration A
1 vulnerable · 19 platform
Vulnerable SoftwareAffected Versions
Integrated Lights Out 5 Firmware
Before 1.40
Running on/withPlatform Versions
Hp
Proliant Bl460c Gen10
All versions
Hp
Proliant Dl120 Gen10
All versions
Hp
Proliant Dl160 Gen10
All versions
Hp
Proliant Dl180 Gen10
All versions
Hp
Proliant Dl20 Gen10
All versions
Hp
Proliant Dl325 Gen10
All versions
Hp
Proliant Dl360 Gen10
All versions
Hp
Proliant Dl380 Gen10
All versions
Hp
Proliant Dl385 Gen10
All versions
Hp
Proliant Dl560 Gen10
All versions
Hp
Proliant Dl580 Gen10
All versions
Hp
Proliant Microserver Gen10
All versions
Hp
Proliant Ml110 Gen10
All versions
Hp
Proliant Ml30 Gen10
All versions
Hp
Proliant Ml350 Gen10
All versions
Hp
Proliant Xl170r Gen10
All versions
Hp
Proliant Xl190r Gen10
All versions
Hp
Proliant Xl230k Gen10
All versions
Hp
Proliant Xl450 Gen10
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: security-alert@hpe.com
Vendor Advisory
Source: security-alert@hpe.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.