ID de Prueba:	1.3.6.1.4.1.25623.1.0.103200
Categoría:	Web application abuses
Título:	HP OpenView Performance Insight Security Bypass and HTML Injection Vulnerabilities
Resumen:	HP OpenView Performance Insight is prone to a security-bypass; vulnerability and an HTML-injection vulnerability.
Descripción:	Summary: HP OpenView Performance Insight is prone to a security-bypass vulnerability and an HTML-injection vulnerability. Vulnerability Impact: An attacker may leverage the HTML-injection issue to inject hostile HTML and script code that would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. The attacker may leverage the security-bypass issue to bypass certain security restrictions and perform unauthorized actions in the affected application. Solution: Vendor updates are available. Please see the references for details. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2406 BugTraq ID: 49096 http://www.securityfocus.com/bid/49096 HPdes Security Advisory: HPSBMU02695 http://marc.info/?l=bugtraq&m=131292748121409&w=2 HPdes Security Advisory: SSRT100480 http://securityreason.com/securityalert/8333 Common Vulnerability Exposure (CVE) ID: CVE-2011-2407 Common Vulnerability Exposure (CVE) ID: CVE-2011-2410 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.