CVE-2018-6492 – MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6492
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection. Cross-Site Scripting (XSS) persistente e inyección HTML no persistente en HP Network Operations Management Ultimate, versiones 2017.07, 2017.11 y 2018.02 y en Network Automation, versiones 10.00, 10.10, 10.11, 10.20, 10.30, 10.40 y 10.50. La vulnerabilidad podría explotarse remotamente para permitir Cross-Site Scripting (XSS) persistente y una inyección HTML no persistente. • http://www.securityfocus.com/bid/104131 http://www.securitytracker.com/id/1040900 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-6493 – MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6493
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. Inyección SQL en HP Network Operations Management Ultimate, versiones 2017.07, 2017.11 y 2018.02 y en Network Automation, versiones 10.00, 10.10, 10.11, 10.20, 10.30, 10.40 y 10.50. La vulnerabilidad se podría explotar de forma remota para permitir una inyección SQL remota. • http://www.securityfocus.com/bid/104131 http://www.securitytracker.com/id/1040900 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •