Vulnerability Details CVE-2018-6492
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.5%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/104131
- http://www.securitytracker.com/id/1040900
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
- http://www.securityfocus.com/bid/104131
- http://www.securitytracker.com/id/1040900
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014
Products affected by CVE-2018-6492
-
cpe:2.3:a:hp:network_automation:10.00
-
cpe:2.3:a:hp:network_automation:10.10
-
cpe:2.3:a:hp:network_automation:10.11
-
cpe:2.3:a:hp:network_automation:10.20
-
cpe:2.3:a:hp:network_automation:10.30
-
cpe:2.3:a:hp:network_automation:10.40
-
cpe:2.3:a:hp:network_automation:10.50
-
cpe:2.3:a:hp:network_operations_management_ultimate:2017.07
-
cpe:2.3:a:hp:network_operations_management_ultimate:2017.11
-
cpe:2.3:a:hp:network_operations_management_ultimate:2018.02