CVE-2023-28083

HIGH

HPE Integrated Lights-Out 4 < 2.82, 5 < 2.78, 6 < 1.20 - Cross-Site Scripting

Title source: llm

Description

A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04456en_us

Scores

CVSS v3 8.3

EPSS 0.0024

EPSS Percentile 47.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (3)

hp/integrated_lights-out_4 < 2.82

hp/integrated_lights-out_5 < 2.78

hp/integrated_lights-out_6 < 1.20

Published Mar 22, 2023

Tracked Since Feb 18, 2026