Lucene search

[email protected]CVE-2011-0280

HistoryMar 14, 2011 - 7:55 p.m.

CVE-2011-0280

2011-03-1419:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-0280

xss

hp power manager

hppm 4.3.2

web script

html

remote attackers

security vulnerability

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
hp:power_managerhp power managerle4.3.2
hp:power_managerhp power managereq4.2.5
hp:power_managerhp power managereq4.2.8
hp:power_managerhp power managereq4.2.6
hp:power_managerhp power managereq4.2.9
hp:power_managerhp power managereq4.2.7

CPE	Name	Operator	Version
hp:power_manager	hp power manager	le	4.3.2
hp:power_manager	hp power manager	eq	4.2.5
hp:power_manager	hp power manager	eq	4.2.8
hp:power_manager	hp power manager	eq	4.2.6
hp:power_manager	hp power manager	eq	4.2.9
hp:power_manager	hp power manager	eq	4.2.7

References

archives.neohapsis.com/archives/bugtraq/2011-03/0111.html

secunia.com/advisories/43058

www.securityfocus.com/bid/46830

exchange.xforce.ibmcloud.com/vulnerabilities/66035

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for CVE-2011-0280

prion1 openvas4 cvelist1