CVE-2016-4393

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 51.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP System Management Homepage HPE HPE System Management Homepage Before V7.6

Timeline

PublishedOct 28

Latest updateMay 17

Description

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5hpe/hpe_system_management_homepage_before_v7.6HPE System Management Homepage before v7.6

▶NVDhp/system_management_homepage7.5.5.0

🔴Vulnerability Details

GHSA

GHSA-2565-pm5h-w9cc: HPE System Management Homepage before v7↗2022-05-17

▶

CVEList

CVE-2016-4393: HPE System Management Homepage before v7↗2016-10-28

▶