CVE-2019-5401
MEDIUMHP2910al-48G Firmware W.15.14.0016 - Authenticated Stored Cross-Site Scripting in Persistent Configuration Fields
Title source: llmDescription
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03944en_us
Scores
CVSS v3
4.8
EPSS
0.0031
EPSS Percentile
54.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
hp/hp2910al-48g_firmware
w.15.14.00.16
Published
Aug 01, 2019
Tracked Since
Feb 18, 2026