Summary
The host is running HP System Management Homepage, which is prone to an unspecified cross-site scripting (XSS) vulnerability.
Certain input parameters are not properly sanitized before being returned to the user.
Impact
An attacker can execute arbitrary script code in the user's browser session.
Impact Level: Application
Solution
Update to version 2.1.15.210 or later.
HP System Management Homepage for Linux (x86) v2.1.15.210:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-e85a4029b2dd42959f1f82dda7
HP System Management Homepage for Linux (AMD64/EM64T) v2.1.15.210:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-5c90113499bb41faacdcad9485
HP System Management Homepage for Windows v2.1.15.210:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-84b4161b7cd3455fb34ac57586
Affected
HP System Management Homepage versions prior to 2.1.15.210
Classification
- CVE: CVE-2008-4411
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N