Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-5184

CWE-79Cross-site Scripting (XSS)8 documents4 sources
Severity
4.3MEDIUM
EPSS
2.6%
top 14.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Network Node Manager I
Timeline
PublishedSep 20
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-r8j8-g8mg-2j28: Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 92022-05-14
CVEList
CVE-2011-5184: Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 92012-09-20

💥Exploits & PoCs

5
Exploit-DB
HP Network Node Manager (NMM) i 9.10 - 'nnm/protected/statuspoll.jsp?nodename' Cross-Site Scripting2011-11-24
Exploit-DB
HP Network Node Manager (NMM) i 9.10 - 'nnm/protected/traceroute.jsp?nodename' Cross-Site Scripting2011-11-24
Exploit-DB
HP Network Node Manager (NMM) i 9.10 - 'nnm/protected/configurationpoll.jsp?nodename' Cross-Site Scripting2011-11-24
Exploit-DB
HP Network Node Manager (NMM) i 9.10 - '/nnm/mibdiscover?node' Cross-Site Scripting2011-11-24
Exploit-DB
HP Network Node Manager (NMM) i 9.10 - 'nnm/protected/ping.jsp?nodename' Cross-Site Scripting2011-11-24
CVE-2011-5184 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io