 HP System Management Homepage Unspecified Cross-Site Scripting

Friday, 12 October 2007

Vendor: HP

Description:
A vulnerability has been reported in HP System Management Homepage (SMH), which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input passed to unspecified parameters is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerability is reported in SMH on HP-UX B.11.11, B.11.23, and B.11.31, and in versions prior to 2.1.10 on Linux and Windows.

Solution:
Apply updates.

HP System Management Homepage for Linux (x86) 2.1.10-186:
http://h18007.www1.hp.com/support/files/server/us/download/27627.html

HP System Management Homepage for Linux (AMD64/EM64T) 2.1.10-186:
http://h18007.www1.hp.com/support/files/server/us/download/27626.html

HP System Management Homepage for Windows 2.1.10-186:
http://h18023.www1.hp.com/support/files/server/us/download/27540.html

HP-UX B.11.11:
Install PHSS_36869 or subsequent.

HP-UX B.11.23:
Install PHSS_36870 or subsequent.

HP-UX B.11.31:
Install PHSS_36871 or subsequent.

Provided and/or discovered by:
The vendor credits Thijs Bosschert (Fox-IT).

Original Advisories:
HPSBMA02275 SSRT071445:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01183597

HPSBMA02274 SSRT071445:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01183265

http://www.secunia.com/advisories/27067/


