CVE-2023-28083

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 57.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HPE Integrated Lights-out HP Integrated Lights-out 4 HP Integrated Lights-out 5 +1 more

Timeline

PublishedMar 22

Description

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:LExploitability: 1.7 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5hpe/integrated_lights-outIntegrated Lights-Out 6 (iLO 6) — 1.20+2

▶NVDhp/integrated_lights-out_4< 2.82

▶NVDhp/integrated_lights-out_5< 2.78

▶NVDhp/integrated_lights-out_6< 1.20

🔴Vulnerability Details

GHSA

GHSA-38pw-vp6h-qrfm: A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Ligh↗2023-03-22

▶

CVEList

Potential Cross-Site scripting vulnerability in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4).↗2023-03-20

▶