| Secunia Advisory: | SA30912 | |
| Release Date: | 2008-07-02 | |
| Critical: |  Less critical | |
| Impact: | Cross Site Scripting | |
| Where: | From remote | |
| Solution Status: | Vendor Patch | |
| Software: | HP System Management Homepage 2.x | |
| CVE reference: | CVE-2008-1663 (Secunia mirror) | |
:
A vulnerability has been reported in HP System Management Homepage (SMH), which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed via unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is reported in HP System Management Homepage (SMH) version 2.1.10 and 2.1.11 running on Linux and Windows.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to version 2.1.12 or later.
HP System Management Homepage for Linux (x86) v2.1.12-200:
http://h20000.www2.hp.com/bizsupport/...swItem=MTX-6bfaf43a118b47098e763096e7
HP System Management Homepage for Linux (AMD64/EM64T) v2.1.12-200:
http://h20000.www2.hp.com/bizsupport/...swItem=MTX-e280953be19b41a385c99a2133
HP System Management Homepage for Windows v2.1.12.201:
http://h20000.www2.hp.com/bizsupport/...swItem=MTX-0ee8400155ae4c2bb066f244b2
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
HPSBMA02345 SSRT080039:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01488878
資料來源 http://secunia.com/advisories/30912/
留言列表
