CVE-2016-2010

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

Published: May 7, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-2010
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hp / network_node_manager_i	9.25	9.25.x
hp / network_node_manager_i	10.00	10.00.x
hp / network_node_manager_i	9.24	9.24.x
hp / network_node_manager_i	10.01	10.01.x
hp / network_node_manager_i	9.23	9.23.x
hp / network_node_manager_i	9.20	9.20.x

http://www.securitytracker.com/id/1035767
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564

Vulnerability Database

289,599

CVE-2016-2010