CVE-2021-29216 — Cross-site Scripting in HPE Oneview Global Dashboard

CWE-79 — Cross-site Scripting CWE-94 — Code Injection4 documents4 sources

Severity

6.1MEDIUMNVD

GHSA7.5

EPSS

0.3%

top 45.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HPE Oneview Global Dashboard Hewlett Packard Enterprise HPE Oneview Global Dashboard

Timeline

PublishedFeb 24

Latest updateMay 24

Description

A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDhpe/oneview_global_dashboard< 2.5

▶CVEListV5hewlett_packard_enterprise/hpe_oneview_global_dashboardPrior to 2.5

🔴Vulnerability Details

GHSA

Code injection in `saved_model_cli` in TensorFlow↗2022-05-24

▶

GHSA

GHSA-8wh7-fh46-g46v: A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2↗2022-02-25

▶

CVEList

CVE-2021-29216: A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2↗2022-02-24

▶