CVE-2014-2644

2014-10-0601:55:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-2644

xss vulnerability

systems insight manager

sim

nvd

remote attackers

web script

html

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.054 Low

EPSS

Percentile

93.2%

JSON

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Affected configurations

NVD

Node

hpsystems_insight_managerRange≤7.3

hpsystems_insight_managerMatch7.0

hpsystems_insight_managerMatch7.1

hpsystems_insight_managerMatch7.2

CPENameOperatorVersion
hp:systems_insight_managerhp systems insight managerle7.3
hp:systems_insight_managerhp systems insight managereq7.0
hp:systems_insight_managerhp systems insight managereq7.1
hp:systems_insight_managerhp systems insight managereq7.2

CPE	Name	Operator	Version
hp:systems_insight_manager	hp systems insight manager	le	7.3
hp:systems_insight_manager	hp systems insight manager	eq	7.0
hp:systems_insight_manager	hp systems insight manager	eq	7.1
hp:systems_insight_manager	hp systems insight manager	eq	7.2