CVE-2008-4411 — Cross-site Scripting in HP System Management Homepage

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP System Management Homepage

Timeline

PublishedOct 13

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDhp/system_management_homepage2.1.12-200+30

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7g5q-fwvw-j3vm: Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2↗2022-05-02

▶

CVEList

CVE-2008-4411: Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2↗2008-10-13

▶