Web application abuses : HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103149

Categoría: Web application abuses

Título: HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities

Resumen: HP SiteScope is prone to a cross-site scripting vulnerability and an;HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in;dynamically generated content.;;Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected;browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the;site is rendered to the user. Other attacks are also possible.;;HP SiteScope versions 9.54, 10.13, 11.01, and 11.1 are affected.

Descripción: Summary:
HP SiteScope is prone to a cross-site scripting vulnerability and an
HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in
dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected
browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the
site is rendered to the user. Other attacks are also possible.

HP SiteScope versions 9.54, 10.13, 11.01, and 11.1 are affected.

Solution:
Vendor updates are available. Please see the references for more
information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1726
BugTraq ID: 47554
http://www.securityfocus.com/bid/47554
HPdes Security Advisory: HPSBMA02667
http://marc.info/?l=bugtraq&m=130374351406700&w=2
HPdes Security Advisory: SSRT100464
http://osvdb.org/72060
http://www.securitytracker.com/id?1025436
http://secunia.com/advisories/44322
http://secunia.com/advisories/44354
http://securityreason.com/securityalert/8235
http://www.vupen.com/english/advisories/2011/1091
XForce ISS Database: sitescope-unspec-xss(67018)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67018
Common Vulnerability Exposure (CVE) ID: CVE-2011-1727
http://osvdb.org/72061
XForce ISS Database: hp-sitescope-unspec-xss(67020)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67020

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103149
Categoría:	Web application abuses
Título:	HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities
Resumen:	HP SiteScope is prone to a cross-site scripting vulnerability and an;HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in;dynamically generated content.;;Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected;browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the;site is rendered to the user. Other attacks are also possible.;;HP SiteScope versions 9.54, 10.13, 11.01, and 11.1 are affected.
Descripción:	Summary: HP SiteScope is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. HP SiteScope versions 9.54, 10.13, 11.01, and 11.1 are affected. Solution: Vendor updates are available. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1726 BugTraq ID: 47554 http://www.securityfocus.com/bid/47554 HPdes Security Advisory: HPSBMA02667 http://marc.info/?l=bugtraq&m=130374351406700&w=2 HPdes Security Advisory: SSRT100464 http://osvdb.org/72060 http://www.securitytracker.com/id?1025436 http://secunia.com/advisories/44322 http://secunia.com/advisories/44354 http://securityreason.com/securityalert/8235 http://www.vupen.com/english/advisories/2011/1091 XForce ISS Database: sitescope-unspec-xss(67018) https://exchange.xforce.ibmcloud.com/vulnerabilities/67018 Common Vulnerability Exposure (CVE) ID: CVE-2011-1727 http://osvdb.org/72061 XForce ISS Database: hp-sitescope-unspec-xss(67020) https://exchange.xforce.ibmcloud.com/vulnerabilities/67020
Copyright	Copyright (C) 2011 Greenbone AG