Code injection

HP Business Availability Center BAC 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors...

CVE-2012-3256

CVE-2012-3256 is a CSRF vulnerability in HP Business Availability Center (BAC) v8.07 . The issue could allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Affected product/version: HP BAC 8.07 on Windows and Solaris. Underlying cause is CSRF in the BAC ...

CVE-2012-3255

HP BAC 8.07 on Windows/Solaris is affected by CVE-2012-3255 (XSS) which allows remote attackers to inject arbitrary script/HTML via unspecified vectors. The issue is documented in HP security bulletin HPSBMU02811 and is associated with CVSS v2 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N). HP provi...

CVE-2012-3257

HP BAC 8.07 (Windows and Solaris) is affected by CVE-2012-3257. The HP security bulletin documents cross-site scripting (XSS), cross-site request forgery (CSRF), and web session hijacking as potential issues that could be remotely exploited by authenticated users. Patches are provided for BAC v8....