HP SiteScope Cross Site Scripting And HTML Injection Vulnerabilities Network Vulnerability

Summary

HP SiteScope is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user- supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. HP SiteScope versions 9.54, 10.13, 11.01, and 11.1 are affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02807712
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-15-25%5E849_4000_100__
https://www.securityfocus.com/bid/47554

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1726, CVE-2011-1727

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability
Allaire JRun directory browsing vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities

Take action and discover your vulnerabilities