
HP SiteScope Cross-Site Scripting and Session Fixation Vulnerabilities (CVE-2011-2400, CVE-2011-2401)

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

HP SiteScope is prone to cross-site scripting and session fixation vulnerabilities.

Risk description

Multiple flaws are due to:

- Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
- An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

Successful exploitation could allow execution of scripts or actions written by an attacker. In addition, an attacker may conduct session fixation attacks to hijack the target user's session.

Recommendation

Apply the patch from the link below.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 29, 2011
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available