HP SMH Insight Diagnostics 'help/search.php?' Cross Site Scripting Vulnerability Network Vulnerability

Summary

The host is running HP SMH with Insight Diagnostics and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attackers to inject arbitrary HTML code in the context of an affected site. Impact Level: Application

Solution

Upgrade to 8.5.1.3712 or higher versions or refer vendor advisory for update, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02652463

Insight

The flaw is caused due imporper validation of user supplied input via 'query=onmouseover=' to the '/frontend2/help/search.php?', which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

HP Insight Diagnostics Online Edition before 8.5.1.3712.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02652463
http://marc.info/?l=bugtraq&m=129245189832672&w=2
http://packetstormsecurity.org/files/view/101636/PR10-11.txt
http://securitytracker.com/alerts/2010/Dec/1024897.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4111

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
AN Guestbook Local File Inclusion Vulnerability
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities

Take action and discover your vulnerabilities