CVE-2008-4411

Description

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.

Affected products

• HP / system_management_homepage2.1.12-200
• HP / system_management_homepage2.0.0 – 2.0.0
• HP / system_management_homepage2.0.1 – 2.0.1
• HP / system_management_homepage2.0.2 – 2.0.2
• HP / system_management_homepage2.1 – 2.1
• HP / system_management_homepage2.1.0-103 – 2.1.0-103
• HP / system_management_homepage2.1.0-103(a) – 2.1.0-103(a)
• HP / system_management_homepage2.1.0-109 – 2.1.0-109
• HP / system_management_homepage2.1.0-118 – 2.1.0-118
• HP / system_management_homepage2.1.1 – 2.1.1
• HP / system_management_homepage2.1.2 – 2.1.2
• HP / system_management_homepage2.1.2-127 – 2.1.2-127
• HP / system_management_homepage2.1.3 – 2.1.3
• HP / system_management_homepage2.1.3.132 – 2.1.3.132
• HP / system_management_homepage2.1.4 – 2.1.4
• HP / system_management_homepage2.1.4-143 – 2.1.4-143
• HP / system_management_homepage2.1.5 – 2.1.5
• HP / system_management_homepage2.1.5-146 – 2.1.5-146
• HP / system_management_homepage2.1.6 – 2.1.6
• HP / system_management_homepage2.1.6-156 – 2.1.6-156
• HP / system_management_homepage2.1.7 – 2.1.7
• HP / system_management_homepage2.1.7-168 – 2.1.7-168
• HP / system_management_homepage2.1.8 – 2.1.8
• HP / system_management_homepage2.1.8-177 – 2.1.8-177
• HP / system_management_homepage2.1.9 – 2.1.9
• HP / system_management_homepage2.1.9-178 – 2.1.9-178
• HP / system_management_homepage2.1.10 – 2.1.10
• HP / system_management_homepage2.1.10-186 – 2.1.10-186
• HP / system_management_homepage2.1.11 – 2.1.11
• HP / system_management_homepage2.1.11-197 – 2.1.11-197
• HP / system_management_homepage2.1.12-118 – 2.1.12-118

References

• MISChttp://www.securityfocus.com/bid/31663
• MISChttp://securitytracker.com/id?1021015
• MAILING_LISThttp://marc.info/?l=bugtraq&m=122356588429626&w=2
• MAILING_LISThttp://marc.info/?l=bugtraq&m=122356588429626&w=2
• VENDOR_ADVISORYhttp://secunia.com/advisories/32199
• MISChttp://securityreason.com/securityalert/4398
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/45754
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/2778