Summary
The host is running HP SMH with Insight Diagnostics and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to inject arbitrary HTML code in the context of an affected site.
Impact Level: Application
Solution
Upgrade to version 8.5.1.3712 or higher, or refer to the vendor advisory for the update: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02652463
Insight
The flaw is caused by improper validation of user-supplied input passed via 'query=onmouseover=' to '/frontend2/help/search.php?', which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Affected
HP Insight Diagnostics Online Edition before 8.5.1.3712.
References
Severity
Classification
- CVE: CVE-2010-4111
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N