CVE-2014-2647

HP Operations Agent < 11.13 - Cross-Site Scripting

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2647. PoCs published by Matt Schmidt.

AI-analyzed exploit summary: This Python script exploits a stored XSS vulnerability in HP Operations Agent/OpenView Communications Broker by injecting a hidden iframe into the User-Agent header. The payload is sent to the vulnerable endpoint '/Hewlett-Packard/OpenView/BBC/status' and persists until the connection is terminated.

Description

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Matt Schmidt · python · webapps · multiple
https://www.exploit-db.com/exploits/35076

Classification
Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: HP Operations Agent/OpenView Communications Broker < 11.14
No auth needed
Prerequisites: Network access to the target system · Vulnerable version of HP Operations Agent/OpenView Communications Broker
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35076

Scores

EPSS 0.0340
EPSS Percentile 87.3%

Details

CWE: CWE-79
Status: published
Products (1)
hp/operations_agent < 11.13
Published: Oct 19, 2014
Tracked Since: Feb 18, 2026