PT-2023-21542 · Hewlett Packard · Ilo 5+3
Published
2023-03-13
·
Updated
2023-03-24
·
CVE-2023-28083
CVSS v3.1
8.3
High
| Vector | AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
HPE Integrated Lights-Out 6 (iLO 6) (affected versions not specified)
HPE Integrated Lights-Out 5 (iLO 5) (affected versions not specified)
HPE Integrated Lights-Out 4 (iLO 4) (affected versions not specified)
Description
A remote Cross-site Scripting vulnerability was discovered, which could be exploited to allow stored Cross-Site scripting attacks.
Recommendations
For HPE Integrated Lights-Out 6 (iLO 6), update to the latest software version provided by HPE to resolve the issue.
For HPE Integrated Lights-Out 5 (iLO 5), update to the latest software version provided by HPE to resolve the issue.
For HPE Integrated Lights-Out 4 (iLO 4), update to the latest software version provided by HPE to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hpe Ilo
Ilo 4
Ilo 5
Ilo 6