HP Project and Portfolio Management Center Unspecified Cross Site Scripting Vulnerabilities

Bugtraq ID:	38961
Class:	Input Validation Error
CVE:	CVE-2010-0452
Remote:	Yes
Local:	No
Published:	Mar 24 2010 12:00AM
Updated:	Mar 24 2010 12:00AM
Credit:	HP
Vulnerable:	HP HP Project and Portfolio Management Center 7.5 HP HP Project and Portfolio Management Center 7.1
Not Vulnerable:	HP HP Project and Portfolio Management Center 7.5 SP3 HP HP Project and Portfolio Management Center 7.1 SP10

HP Project and Portfolio Management Center Unspecified Cross Site Scripting Vulnerabilities

HP Project and Portfolio Management Center (PPMC) is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect HP Project and Portfolio Management Center versions 7.5 SP3 and earlier and 7.1 SP10 and earlier.

HP Project and Portfolio Management Center Unspecified Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

HP Project and Portfolio Management Center Unspecified Cross Site Scripting Vulnerabilities

Solution:
Updates are available. Please see the references for details.

HP Project and Portfolio Management Center Unspecified Cross Site Scripting Vulnerabilities

References:

• Micro News Homepage (phptoys)
  
• HPSBMA02436 SSRT080064 rev.1 - HP Project and Portfolio Management Center (PPMC) (HP)