CVE-2018-7090

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 36.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP XP 9000 Command View Hewlett Packard Enterprise HPE XP P9000 Command View Advanced Edition Software (cvae) Versions 7.0.0-00 TO Earlier Than 8.60-00

Timeline

PublishedAug 6

Latest updateMay 14

Description

HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise/hpe_xp_p9000_command_view_advanced_edition_software_(cvae)_versions_7.0.0-00_to_earlier_than_8.60-00versions 7.0.0-00 to earlier than 8.60-00

▶NVDhp/xp_9000_command_view7.0.0-00 — 8.60-00

🔴Vulnerability Details

GHSA

GHSA-p2jm-wp8p-wh7g: HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7↗2022-05-14

▶

CVEList

CVE-2018-7090: HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7↗2018-08-06

▶