HP System Management Homepage <= 3.0.2 'servercert' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37968/info HP System Management Homepage, also known as Systems Insight Manager, is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

CVE-2009-4185

Cross-site scripting XSS vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage SMH before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter...

CVE-2009-4185

HP System Management Homepage (SMH) before version 6.0.0.96/6.0.0-95 is vulnerable to a Cross-site scripting (XSS) flaw in the proxy/smhui/getuiinfo handler via the servercert parameter. The issue is addressed in HP’s security bulletin HPSBMA02504, which lists affected platforms (Windows and Linu...

CVE-2009-4185

Cross-site scripting XSS vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage SMH before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter...

HP系统管理主页servercert参数跨站脚本漏洞

BUGTRAQ ID: 37968 HP系统管理主页（SMH）是一个基于Web的界面，整合并简化了Windows、Lunux和HP-UX操作系统上对HP服务器的单系统管理过程。 HP SMH没有正确地过滤URI请求中的servercert参数，用户受骗跟随了恶意链接就可能导致跨站脚本攻击，在浏览器会话中注入并执行HTML和脚本代码。 HP System Management Homepage 3.0 HP System Management Homepage 2.1 厂商补丁： HP -- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

PR09-15: XSS injection vulnerability within HP System Management Homepage &#40;Insight Manager&#41;

PR09-15: XSS injection vulnerability within HP System Management Homepage Insight Manager Vulnerability found: 11th October 2009 Severity: Medium Description: A XSS vulnerability has been found within HP System Management; Arising from insufficient input filtering. By using a specially-crafted...