HP System Management Homepage < 2.1.12 Unspecified XSS

Medium | Nessus Plugin ID 33548

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

The remote host appears to be running HP System Management Homepage (SMH), a web-based management interface for ProLiant and Integrity servers.

The version of HP SMH installed on the remote host fails to sanitize user-supplied input to an unspecified parameter of an unspecified script before using it to generate dynamic HTML. A remote attacker may be able to exploit this issue to cause arbitrary HTML and script code to be executed by a user's browser in the context of the affected website.

Solution

Upgrade to HP System Management Homepage 2.1.12 or later.

See Also

http://www.securityfocus.com/advisories/14919

https://seclists.org/bugtraq/2008/Jul/8

Plugin Details

Severity: Medium

ID: 33548

File Name: hpsmh_2_1_12.nasl

Version: 1.20

Type: remote

Published: 7/21/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Ease: No exploit is required

Patch Publication Date: 6/30/2008

Reference Information

CVE: CVE-2008-1663

BID: 30029

CWE: 79

SECUNIA: 30912