Friday, May 21, 2021

HP iLO: CVE-2021-29204: Cross-Site Scripting (XSS), Carriage Return Line Feed

Multiple potential security vulnerabilities have been identified in HPE Integrated Lights-Out 5 (iLO 5) and HPE Integrated Lights-Out 4 (iLO 4). The vulnerabilities are XSS, CR-LF injection, DOM XSS and several buffer overflows. The XSS, CR-LF injection and DOM XSS vulnerabilities target authenticated privileged users of the iLO web interface. The buffer overflow vulnerabilities can be exploited by a privileged user on a host OS to execute code on the iLO as a privileged user.
  • hp-ilo-4-upgrade-2_78
  • hp-ilo-5-upgrade-2_44

References
  • CVE-2021-29204


