HP SMH Insight Diagnostics Cross Site Scripting Vulnerability - Windows Network Vulnerability

Summary

The host is running HP SMH with Insight Diagnostics and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attackers to inject arbitrary HTML code in the context of an affected site. Impact Level: Application

Solution

Upgrade to 8.5.1.3712 or higher versions or refer vendor advisory for update, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02652463

Insight

The flaw is caused due imporper validation of user supplied input via unspecified vectors, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

HP Insight Diagnostics Online Edition before 8.5.1.3712 on Windows.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02652463
http://marc.info/?l=bugtraq&m=129245189832672&w=2
http://securitytracker.com/alerts/2010/Dec/1024897.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4111

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari 'background' Remote Denial Of Service Vulnerability
Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)

Take action and discover your vulnerabilities