ID: OSVDB:5796
Type: osvdb
Reporter: FX (fx@phenoelit.de)
Modified: 2004-04-27T00:00:00
Description
Vulnerability Description
HP JetAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate "obj" variables when accessing functions. A user could create a specially crafted HTTP POST request that executes arbitrary code in another user's browser, within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Upgrade to version 7.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
{"title": "HP Web JetAdmin obj Variable XSS", "published": "2004-04-27T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:00"}, "vulnersScore": 4.3}, "cvelist": [], "viewCount": 0, "affectedSoftware": [{"version": "6.2", "name": "JetAdmin", "operator": "eq"}, {"version": "7.0", "name": "JetAdmin", "operator": "eq"}, {"version": "6.5", "name": "JetAdmin", "operator": "eq"}], "hash": "6bd75af4f3d060974ddf5259d3d5c3b96c9426eb17da99897db1b173a9770156", "id": "OSVDB:5796", "modified": "2004-04-27T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:5796", "hashmap": [{"hash": "18e1eeb3fb2d17efef8673fb319ff268", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "dc0e34e6a42c0eb44978604e923e7850", "key": "description"}, {"hash": "856caca717e136d18c9e0e5893410765", "key": "href"}, {"hash": "82456d933e1e51c53915df3e46d9f5e1", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "82456d933e1e51c53915df3e46d9f5e1", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "c9b56db3f272feeb38ab28b4cb17c268", "key": "reporter"}, {"hash": "96f846ea4ff86f79712596239fea9066", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "## Vulnerability Description\nHP JetAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"obj\" variables when accessing functions. 
This could allow a user to create a specially crafted HTTP POST request that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 7.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nHP JetAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"obj\" variables when accessing functions. This could allow a user to create a specially crafted HTTP POST request that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.hp.com/\n[Vendor Specific Advisory URL](http://archives.neohapsis.com/archives/bugtraq/2004-04/0359.html)\n[Secunia Advisory ID:11536](https://secuniaresearch.flexerasoftware.com/advisories/11536/)\n[Related OSVDB ID: 5793](https://vulners.com/osvdb/OSVDB:5793)\n[Related OSVDB ID: 5798](https://vulners.com/osvdb/OSVDB:5798)\n[Related OSVDB ID: 5792](https://vulners.com/osvdb/OSVDB:5792)\n[Related OSVDB ID: 5794](https://vulners.com/osvdb/OSVDB:5794)\n[Related OSVDB ID: 5790](https://vulners.com/osvdb/OSVDB:5790)\n[Related OSVDB ID: 5791](https://vulners.com/osvdb/OSVDB:5791)\n[Related OSVDB ID: 5795](https://vulners.com/osvdb/OSVDB:5795)\n[Related OSVDB ID: 5797](https://vulners.com/osvdb/OSVDB:5797)\nOther Advisory URL: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt\n[Nessus Plugin ID:12227](https://vulners.com/search?query=pluginID:12227)\nKeyword: HPSBPI01026\nKeyword: SSRT2397\nCIAC Advisory: o-136\nBugtraq ID: 10224\n", "bulletinFamily": "software", "reporter": "FX(fx@phenoelit.de)", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-04-28T13:20:00"}