Medium severity5.4NVD Advisory· Published May 7, 2016· Updated May 6, 2026

CVE-2016-2011

Description

Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

Affected products

HP/Network Node Manager I6 versions
cpe:2.3:a:hp:network_node_manager_i:10.00:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:hp:network_node_manager_i:10.00:*:*:*:*:*:*:*
- cpe:2.3:a:hp:network_node_manager_i:9.20:*:*:*:*:*:*:*
- cpe:2.3:a:hp:network_node_manager_i:9.23:*:*:*:*:*:*:*
- cpe:2.3:a:hp:network_node_manager_i:9.24:*:*:*:*:*:*:*
- cpe:2.3:a:hp:network_node_manager_i:9.25:*:*:*:*:*:*:*
- cpe:2.3:a:hp:network_node_manager_i:10.01:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdPatchVendor Advisory
www.securitytracker.com/id/1035767nvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000