Lucene search
K

HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2018-7117)

🗓️ 13 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 6 Views

Remote XSS in HP iLO 5 Web UI on Gen10 ProLiant before version 1.40.

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNVD
HPE Integrated Lights-Out 5 Cross-Site Scripting Vulnerability
18 Apr 201900:00
cnvd
CVE
CVE-2018-7117
9 Apr 201918:28
cve
Cvelist
CVE-2018-7117
9 Apr 201918:28
cvelist
EUVD
EUVD-2018-18860
7 Oct 202500:30
euvd
Tenable Nessus
iLO 5 < 1.40 Cross Site Scripting (XSS) Vulnerability
17 Apr 201900:00
nessus
Tenable Nessus
iLO 4 < 2.70 / iLO 5 < 1.40a Multiple Vulnerabilities
23 May 201900:00
nessus
NVD
CVE-2018-7117
9 Apr 201919:29
nvd
Prion
Cross site scripting
9 Apr 201919:29
prion
RedhatCVE
CVE-2018-7117
22 May 202504:29
redhatcve
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(504429);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/13");

  script_cve_id("CVE-2018-7117");

  script_name(english:"HP Integrated Lights-Out Improper Neutralization of Input During Web Page Generation (CVE-2018-7117)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A remote Cross-Site Scripting in HPE iLO 5 Web User Interface
vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5)
for Gen10 ProLiant Servers earlier than version v1.40.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03907en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a5132863");
  # https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03917en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fa1b2a6b");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7117");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:integrated_lights-out_5_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/HP");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/HP');

var asset = tenable_ot::assets::get(vendor:'HP');

var vuln_cpes = {
    "cpe:/o:hp:integrated_lights-out_5_firmware" :
        {"versionEndExcluding" : "1.40", "family" : "ILO"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

13 Nov 2025 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 24.3
CVSS 36.1
EPSS0.01295
6