Summary
This host is running HP System Management Homepage (SMH) and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to steal cookie-based authentication credentials and execute arbitrary script in the user's web browser by injecting web script or HTML via remote vectors.
Solution
Upgrade to version 3.0.1.73 or later:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01745065
Insight
The HP System Management Homepage application fails to validate user-supplied input.
Affected
HP System Management Homepage versions prior to 3.0.1.73 on all platforms.
References
Severity
Classification
- CVE: CVE-2009-1418
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N