Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-2647Cross-site Scripting in HP Operations Agent

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
2.1%
top 16.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Operations Agent
Timeline
PublishedOct 19
Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-r6fg-h6hf-c24f: Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 112022-05-13

💥Exploits & PoCs

1
Exploit-DB
HP Operations Agent - Cross-Site Scripting iFrame Injection2014-10-27
CVE-2014-2647 — Cross-site Scripting in HP | cvebase