Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-12544 — Cross-site Scripting in HP System Management Homepage

Severity

5.4MEDIUMNVD

EPSS

59.9%

top 1.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedFeb 15

Latest updateMay 14

Description

A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

GHSA

GHSA-9w8p-qh5m-p38x: A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7↗2022-05-14

▶

CVEList

CVE-2017-12544: A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7↗2018-02-15

▶

Nuclei

HPE System Management - Cross-Site Scripting

▶