Cross-site scripting vulnerability in HP Power Manager (HPPM) version less than or equal to 4.3.2ID: oval:org.secpod.oval:def:461 | Date: (C)2011-03-18 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with HP Power Manager and is prone to cross-site scripting vulnerability. A flaw is present in HP Power Manager which fail to validate the input when the logType parameter is passed to Contents/exportlogs.asp, the Id parameter is passed to Contents/pagehelp.asp, and the SORTORD or SORTCOL parameter is passed to Contents/applicationlogs.asp. Successful exploitation allow remote attackers to inject arbitrary web script or HTML.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |