CVE-2018-6492

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 37.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Micro Focus Network AutomationMicro Focus Network Operations Management UltimateHP Network Automation+1 more
Timeline
PublishedMay 22
Latest updateMay 13

Description

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7

Affected Packages4 packages

NVDhp/network_operations_management_ultimate2017.07, 2017.11, 2018.02+2
CVEListV5micro_focus/network_operations_management_ultimate2017.07, 2017.11, 2018.02
NVDhp/network_automation7 versions+6
CVEListV5micro_focus/network_automation10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50

🔴Vulnerability Details

2
GHSA
GHSA-qwmh-j592-r53f: Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 20172022-05-13
CVEList
MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities2018-05-22
CVE-2018-6492 (MEDIUM CVSS 6.1) | Persistent Cross-Site Scripting | cvebase.io