header-logo
Suggest Exploit
vendor:
System Management Homepage (SMH)
by:
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: System Management Homepage (SMH)
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:hp:system_management_homepage
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux, HP-UX

Cross-Site Scripting Vulnerability in HP System Management Homepage (SMH)

This vulnerability allows an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. By exploiting this vulnerability, the attacker can steal cookie-based authentication credentials and launch other attacks.

Mitigation:

It is recommended to update to the latest version of HP System Management Homepage (SMH) to mitigate this vulnerability. Regularly monitoring and scanning for any malicious activity can also help in detecting and preventing such attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30846/info

HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

NOTE: This issue may stem from an incomplete fix for the issues discussed in BIDs 24256 (HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability) and 25953 (HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross Site Scripting Vulnerability), but Symantec has not confirmed this.

1st vector) https://www.example.com/message.php?<script><script>alert('xss')</script></script> 2nd vector) https://www.example.com/message.php?aa%00<script><script>alert('xss')</script></script> 3rd vector) https://www.example.com/message.php?aa<BGSOUND SRC="javascript:alert('XSS');">

Navigation

Suggest Exploit

Services By CQR