HP SMH Insight Diagnostics Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

The host is running HP SMH with Insight Diagnostics and is prone to multiple cross-site scripting vulnerabilities.

Impact

Successful exploitation will allow attackers to inject arbitrary HTML code in the context of an affected site. Impact Level: Application

Solution

Upgrade to higher versions or refer below vendor advisory for update, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472

Insight

The flaws are caused by input validation errors in the 'parameters.php', 'idstatusframe.php', 'survey.php', 'globals.php' and 'custom.php' pages, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472
http://osvdb.org/show/osvdb/67748

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3003

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Rave User Information Disclosure Vulnerability
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache ActiveMQ Multiple Vulnerabilities

Take action and discover your vulnerabilities