header-logo
Suggest Exploit
vendor:
HP System Management Homepage / Systems Insight Manager
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: HP System Management Homepage / Systems Insight Manager
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:hp:systems_insight_manager
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

HP System Management Homepage Cross-Site Scripting Vulnerability

The HP System Management Homepage, also known as Systems Insight Manager, is prone to a cross-site scripting vulnerability. An attacker can exploit this vulnerability by injecting arbitrary script code in the browser of an unsuspecting user visiting the affected site. This can be used to steal cookie-based authentication credentials.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches and updates provided by HP. Additionally, users should be cautious when visiting untrusted websites or clicking on suspicious links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37968/info

HP System Management Homepage, also known as Systems Insight Manager, is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials. 

http://www.example.com/proxy/smhui/getuiinfo?JS&servercert=%0064e43<script>alert(1)</script>7b3f58a689f

Navigation

Suggest Exploit

Services By CQR