CVE-2018-6492
MEDIUMHP Network Operations Management Ultimate 2017.07-2018.02 & Network Automation 10.00-10.50 - XSS & HTML Injection
Title source: llmDescription
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040900
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104131
Scores
CVSS v3
4.7
EPSS
0.0043
EPSS Percentile
62.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (10)
hp/network_automation
10.00
hp/network_automation
10.10
hp/network_automation
10.11
hp/network_automation
10.20
hp/network_automation
10.30
hp/network_automation
10.40
hp/network_automation
10.50
hp/network_operations_management_ultimate
2017.07
hp/network_operations_management_ultimate
2017.11
hp/network_operations_management_ultimate
2018.02
Published
May 22, 2018
Tracked Since
Feb 18, 2026