CVE-2013-4842

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: Nov 18, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4842
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hp / integrated_lights-out_firmware	-	1.27a.x
hp / integrated_lights-out_firmware	1.10	1.10.x
hp / integrated_lights-out_firmware	1.15	1.15.x
hp / integrated_lights-out_firmware	1.15a	1.15a.x
hp / integrated_lights-out_firmware	1.16a	1.16a.x
hp / integrated_lights-out_firmware	1.20a	1.20a.x
hp / integrated_lights-out_firmware	1.26a	1.26a.x

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804

Vulnerability Database

291,049

CVE-2013-4842