{"title": "HP Web JetAdmin obj Variable XSS", "published": "2004-04-27T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2017-04-28T13:20:00"}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:00"}, "vulnersScore": 0.1}, "cvelist": [], "viewCount": 0, "affectedSoftware": [{"version": "6.2", "name": "JetAdmin", "operator": "eq"}, {"version": "7.0", "name": "JetAdmin", "operator": "eq"}, {"version": "6.5", "name": "JetAdmin", "operator": "eq"}], "hash": "6bd75af4f3d060974ddf5259d3d5c3b96c9426eb17da99897db1b173a9770156", "id": "OSVDB:5796", "modified": "2004-04-27T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:5796", "hashmap": [{"hash": "18e1eeb3fb2d17efef8673fb319ff268", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "dc0e34e6a42c0eb44978604e923e7850", "key": "description"}, {"hash": "856caca717e136d18c9e0e5893410765", "key": "href"}, {"hash": "82456d933e1e51c53915df3e46d9f5e1", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "82456d933e1e51c53915df3e46d9f5e1", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "c9b56db3f272feeb38ab28b4cb17c268", "key": "reporter"}, {"hash": "96f846ea4ff86f79712596239fea9066", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "## Vulnerability Description\nHP JetAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"obj\" variables when accessing functions. This could allow a user to create a specially crafted HTTP POST request that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 7.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nHP JetAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate \"obj\" variables when accessing functions. This could allow a user to create a specially crafted HTTP POST request that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.hp.com/\n[Vendor Specific Advisory URL](http://archives.neohapsis.com/archives/bugtraq/2004-04/0359.html)\n[Secunia Advisory ID:11536](https://secuniaresearch.flexerasoftware.com/advisories/11536/)\n[Related OSVDB ID: 5793](https://vulners.com/osvdb/OSVDB:5793)\n[Related OSVDB ID: 5798](https://vulners.com/osvdb/OSVDB:5798)\n[Related OSVDB ID: 5792](https://vulners.com/osvdb/OSVDB:5792)\n[Related OSVDB ID: 5794](https://vulners.com/osvdb/OSVDB:5794)\n[Related OSVDB ID: 5790](https://vulners.com/osvdb/OSVDB:5790)\n[Related OSVDB ID: 5791](https://vulners.com/osvdb/OSVDB:5791)\n[Related OSVDB ID: 5795](https://vulners.com/osvdb/OSVDB:5795)\n[Related OSVDB ID: 5797](https://vulners.com/osvdb/OSVDB:5797)\nOther Advisory URL: http://www.phenoelit.de/stuff/HP_Web_Jetadmin_advisory.txt\n[Nessus Plugin ID:12227](https://vulners.com/search?query=pluginID:12227)\nKeyword: HPSBPI01026\nKeyword: SSRT2397\nCIAC Advisory: o-136\nBugtraq ID: 10224\n", "bulletinFamily": "software", "reporter": "FX(fx@phenoelit.de)", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-04-28T13:20:00"}

{}