Detections
Analytics

HP System Management Homepage < 2.1.15.210 Unspecified XSS

medium Nessus Plugin ID 34694

Language:

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

The remote host appears to be running HP System Management Homepage (SMH), a web-based management interface for ProLiant and Integrity servers.

The version of HP SMH installed on the remote host fails to sanitize user input to an unspecified parameter and script before using it to generate dynamic HTML. A remote attacker may be able to exploit this issue to cause arbitrary HTML and script code to be executed by a user's browser in the context of the affected website.

Solution

Upgrade to HP System Management Homepage v2.1.15.210 or later.

See Also

http://www.nessus.org/u?ea065b75

https://seclists.org/bugtraq/2008/Oct/68

Plugin Details

Severity: Medium

ID: 34694

File Name: hpsmh_2_1_15_210.nasl

Version: 1.21

Type: remote

Published: 11/4/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:hp:system_management_homepage

Required KB Items: www/hp_smh

Exploit Ease: No exploit is required

Patch Publication Date: 10/8/2008

Reference Information

CVE: CVE-2008-4411

BID: 31663

CWE: 79

SECUNIA: 32199