HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
BID:30029
Info
HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
| Bugtraq ID: | 30029 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-1663 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 01 2008 12:00AM |
| Updated: | Aug 25 2008 10:35PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
HP System Management Homepage 2.1.11 HP System Management Homepage 2.1.10 |
| Not Vulnerable: |
HP System Management Homepage 2.1.12 |
Discussion
HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
SMH 2.1.10 and 2.1.11 for Linux and Windows are vulnerable.
HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
SMH 2.1.10 and 2.1.11 for Linux and Windows are vulnerable.
Exploit / POC
HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
Solution:
The vendor has released an advisory and fixes. Please see the references for more information.
Solution:
The vendor has released an advisory and fixes. Please see the references for more information.
References
HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
References:
References: