The host is installed with HP Power Manager and is prone to cross-site scripting vulnerability. A flaw is present in HP Power Manager which fail to validate the input when the logType parameter is passed to Contents/exportlogs.asp, the Id parameter is passed to Contents/pagehelp.asp, and the SORTORD or SORTCOL parameter is passed to Contents/applicationlogs.asp. Successful exploitation allow remote attackers to inject arbitrary web script or HTML.