CVE-2016-2010

CWE-79Cross-site Scripting (XSS)25 documents12 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 54.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
HP Network Node Manager I
Timeline
PublishedMay 7
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDhp/network_node_manager_i6 versions+5

Patches

Patch: h20566.www2.hpe.comPatch: h20566.www2.hpe.com

🔴Vulnerability Details

2
GHSA
GHSA-fp3x-3m47-hqv3: Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 92022-05-17
CVEList
CVE-2016-2010: Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 92016-05-07

💥Exploits & PoCs

4
Exploit-DB
Microsoft Excel - OLE Arbitrary Code Execution2017-09-30
Exploit-DB
Microsoft Office PowerPoint 2010 - Invalid Pointer Reference2016-09-21
Exploit-DB
Excel RTD - Memory Corruption2010-09-10
Exploit-DB
The iceberg - 'Content Management System' SQL Injection2010-05-16

📋Vendor Advisories

5
Microsoft
Microsoft Office Information Disclosure Vulnerability2016-12-13
Microsoft
Microsoft Excel Information Disclosure Vulnerability2016-12-13
Microsoft
Microsoft Office Information Disclosure Vulnerability2016-12-13
Microsoft
Microsoft Office Information Disclosure Vulnerability2016-12-13
Red Hat
kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()2010-07-29

💬Community

1
Bugzilla
CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s)2010-05-24
CVE-2016-2010 (MEDIUM CVSS 5.4) | Cross-site scripting (XSS) vulnerab | cvebase.io