CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29217
https://notcve.org/view.php?id=CVE-2021-29217
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. Se ha detectado una vulnerabilidad de redireccionamiento de URL remota en HPE OneView Global Dashboard versiones: Anteriores a 2.5. HPE ha proporcionado una actualización de software para resolver esta vulnerabilidad en HPE OneView Global Dashboard • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04228en_us • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29216
https://notcve.org/view.php?id=CVE-2021-29216
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. Se ha detectado una vulnerabilidad de tipo cross-site scripting remoto en HPE OneView Global Dashboard versiones: Anteriores a 2.5. HPE ha proporcionado una actualización de software para resolver esta vulnerabilidad en HPE OneView Global Dashboard • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04228en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2022-25256
https://notcve.org/view.php?id=CVE-2022-25256
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL. • https://github.com/RobertDra/CVE-2022-25256 https://sas.com https://support.sas.com/kb/62/972.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2021-29219
https://notcve.org/view.php?id=CVE-2021-29219
A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. Se ha identificado una posible vulnerabilidad de desbordamiento del búfer local en HPE FlexNetwork 5130 EL Switch Series versión: Anteriores a 5130_EI_7.10.R3507P02. HPE ha realizado la siguiente actualización de software para resolver la vulnerabilidad en la versión 5130_EL_7.10.R3507P02 de HPE FlexNetwork 5130 EL Switch Series • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbnw04234en_us • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 14EXPL: 0CVE-2021-29218
https://notcve.org/view.php?id=CVE-2021-29218
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. Se ha identificado una vulnerabilidad de seguridad en la ruta de búsqueda local no citada en HPE Agentless Management Service para Windows versiones: Anteriores a 1.44.0.0, 10.96.0.0. Esta vulnerabilidad podría ser explotada localmente por un usuario con altos privilegios para ejecutar malware que puede conllevar a una pérdida de confidencialidad, integridad y disponibilidad. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04233en_us • CWE-428: Unquoted Search Path or Element •