CVE-2016-2011

CWE-79 — Cross-site Scripting (XSS)CWE-122 — Heap-based Buffer Overflow CWE-31119 documents11 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 54.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Network Node Manager I

Timeline

PublishedMay 7

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDhp/network_node_manager_i6 versions+5

Patches

Patch: h20566.www2.hpe.com ↗Patch: h20566.www2.hpe.com ↗

🔴Vulnerability Details

GHSA

GHSA-m63p-gcqw-3rr6: Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9↗2022-05-17

▶

GHSA

Downloads Resources over HTTP in webdriver-launcher↗2019-02-18

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

GHSA

Downloads Resources over HTTP in jstestdriver↗2018-08-15

▶

CVEList

CVE-2016-2011: Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9↗2016-05-07

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)↗2016-10-24

▶

Exploit-DB

Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)↗2016-10-18

▶

Metasploit

AF_PACKET chocobo_root Privilege Escalation↗

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook for Mac Spoofing Vulnerability↗2017-06-13

▶

Drupal

PHPmailer 3rd party library - PSA-2016-004↗2016-12-26

▶

Red Hat

jasper: heap buffer overflow in jpc_dec_cp_setfromcox() (rejected duplicate of CVE-2011-4516)↗2016-10-17

▶

Red Hat

jasper: insufficient memory allocation in jpc_crg_getparms() (rejected duplicate of CVE-2011-4517)↗2016-10-17

▶

💬Community

Bugzilla

CVE-2011-2715 drupal: SQL injection due to insufficient sanitization of table names or column names↗2020-02-06

▶

Bugzilla

CVE-2011-2714 drupal: XSS due to insufficient sanitization of table descriptions, field names, or labels before display↗2020-01-28

▶

Bugzilla

CVE-2011-5326 imlib2: divide by zero on 2x1 ellipse↗2016-04-01

▶