HP SiteScope Cross Site Scripting And HTML Injection Vulnerabilities Network Vulnerability

Summary

This host is running HP SiteScope and is prone to cross site scripting and HTML injection vulnerabilities.

Impact

Successful exploitation will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Impact Level: Application

Solution

Upgrade to HP SiteScope version 11.1 and apply the SS1110110412 hotfix http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02807712

Insight

The flaws are caused by input validation errors when processing user-supplied data, which could allow cross site scripting or HTML injection attacks.

Affected

HP SiteScope versions 9.54, 10.13, 11.01, and 11.1

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02807712
http://osvdb.org/show/osvdb/72061
http://www.vupen.com/english/advisories/2011/1091
http://xforce.iss.net/xforce/xfdb/45958
https://secunia.com/advisories/44354

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1726, CVE-2011-1727

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache ActiveMQ Multiple Vulnerabilities
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
Apache CouchDB Cross Site Request Forgery Vulnerability

HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities

Take action and discover your vulnerabilities