CVE-2009-1418

medium

Description

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01745065

http://jvn.jp/en/jp/JVN02331156/index.html

http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000029.html

http://secunia.com/advisories/35108

http://securitytracker.com/id?1022242

http://www.securityfocus.com/bid/35031

https://exchange.xforce.ibmcloud.com/vulnerabilities/50633

Details

Source: MITRE

Published: 2009-05-19

Updated: 2017-08-17

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.0.1.104:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.0.2.106:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0-103\(a\):*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.0.121:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.2-127:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.2.127:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.3.132:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.4-143:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.4.143:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.5-146:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.5.146:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.5.146:b:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.6-156:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.6.156:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.7-168:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.7.168:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.8-177:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.8.179:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.9-178:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10-186:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10.186:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10.186:b:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.10.186:c:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.11-197:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.11.197:a:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.12-118:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.12-200:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.12.201:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.14.20:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.15-210:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.1.15.210:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:* versions up to 3.0.0-68 (inclusive)

cpe:2.3:a:hp:system_management_homepage:3.0.0.64:*:*:*:*:*:*:*

Tenable Plugins

ID: 38832

Name: HP System Management Homepage < 3.0.1.73 Multiple Flaws

Product: Nessus

Family: CGI abuses

Severity: medium