HomePentest-Tools.com Logo

HP/HPE System Management Homepage (SMH) Insight Diagnostics XSS Vulnerability (HPSBMA02615) - Active Check CVE-2010-4111

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

HP/HPE System Management Homepage (SMH) with Insight Diagnostics is prone to a cross-site scripting (XSS) vulnerability.

Risk description

The flaw is caused due imporper validation of user supplied input via query=onmouseover= to the /frontend2/help/search.php?, which allows attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Successful exploitation will allow attackers to inject arbitrary HTML code in the context of an affected site.

Recommendation

Update to version 8.5.1.3712 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 22, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available