CVSS: 8.3EPSS: 0%CPEs: 162EXPL: 0CVE-2023-28083 – Potential Cross-Site scripting vulnerability in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4).
https://notcve.org/view.php?id=CVE-2023-28083
20 Mar 2023 — A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04456en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 45EXPL: 0CVE-2021-46846
https://notcve.org/view.php?id=CVE-2021-46846
03 Nov 2022 — Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5. Vulnerabilidad de Cross-Site Scripting en Hewlett Packard Enterprise Integrated Lights-Out 5. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04133en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 77EXPL: 0CVE-2022-28637
https://notcve.org/view.php?id=CVE-2022-28637
20 Sep 2022 — A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) local y de ejecución de código arbitrario local que podría co... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us •
CVSS: 8.8EPSS: 0%CPEs: 77EXPL: 0CVE-2022-28639
https://notcve.org/view.php?id=CVE-2022-28639
20 Sep 2022 — A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. Se ha detectado una posible denegación de servicio (DoS) remota y una posible vulnerabilidad de... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us •
CVSS: 7.8EPSS: 0%CPEs: 77EXPL: 0CVE-2022-28638
https://notcve.org/view.php?id=CVE-2022-28638
20 Sep 2022 — An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. Se ha detectado una divulgación local aislada de información y una posible vulnerabilidad local a... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us •
CVSS: 8.8EPSS: 0%CPEs: 77EXPL: 0CVE-2022-28640
https://notcve.org/view.php?id=CVE-2022-28640
20 Sep 2022 — A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses this security vulnerability. Se ha detectado una potencial vulnerabilidad de ejecución de código arbitrario local adyacente que podría conllevar a una pérdida de confidencialid... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us •
CVSS: 7.5EPSS: 2%CPEs: 59EXPL: 0CVE-2022-23704
https://notcve.org/view.php?id=CVE-2022-23704
09 May 2022 — A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later. Se ha identificado una posible vulnerabilidad de seguridad en Integrated Lights-Out 4 (iLO 4). La vulnerabilidad podría permitir una Denegación de Servicio remota. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04240en_us •
CVSS: 4.8EPSS: 0%CPEs: 29EXPL: 0CVE-2021-29209
https://notcve.org/view.php?id=CVE-2021-29209
25 May 2021 — A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. Se detectó una vulnerabilidad de un xss dom y una inyección remota de crlf en HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Ligh... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04134en_us • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 29EXPL: 0CVE-2021-29208
https://notcve.org/view.php?id=CVE-2021-29208
25 May 2021 — A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. Se detectó una vulnerabilidad de un xss dom y una inyección remota de crlf en HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Ligh... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04134en_us • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 29EXPL: 0CVE-2021-29211
https://notcve.org/view.php?id=CVE-2021-29211
25 May 2021 — A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. Se detectó una vulnerabilidad de tipo xss remota en HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) para servidores HPE Gen10;&#x... • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04134en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •