CVE-2012-2013 — Cross-site Scripting in HP System Management Homepage

CWE-79 — Cross-site Scripting CWE-770 — Allocation of Resources Without Limits or Throttling45 documents10 sources

Severity

7.5HIGHNVD

GHSA4.3

EPSS

1.3%

top 20.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP System Management Homepage

Timeline

PublishedJun 29

Latest updateMay 17

Description

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDhp/system_management_homepage7.1.0-16+70

Patches

Patch: h20000.www2.hp.com ↗Patch: h20000.www2.hp.com ↗

🔴Vulnerability Details

GHSA

Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet↗2022-05-17

▶

GHSA

OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function↗2022-05-17

▶

GHSA

GHSA-x95c-rjv7-hrwr: Unspecified vulnerability in HP System Management Homepage (SMH) before 7↗2022-05-13

▶

CVEList

CVE-2012-2013: Unspecified vulnerability in HP System Management Homepage (SMH) before 7↗2012-06-29

▶

💥Exploits & PoCs

Exploit-DB

Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)↗2013-06-11

▶

Exploit-DB

Joomla! 3.0.3 - 'remember.php' PHP Object Injection↗2013-04-26

▶

Exploit-DB

Google AD Sync Tool - Exposure of Sensitive Information↗2013-04-08

▶

Exploit-DB

Ettercap 0.7.5.1 - Stack Overflow↗2013-01-07

▶

📋Vendor Advisories

Red Hat

tomcat: incomplete fix for CVE-2012-3544↗2014-02-25

▶

Red Hat

Keystone: EC2-style authentication accepts disabled user/tenants↗2013-02-19

▶

Red Hat

Keystone: denial of service through invalid token requests↗2013-02-05

▶

Red Hat

acroread: multiple code execution flaws (APSB13-02)↗2013-01-08

▶

Red Hat

mysql: unspecified DoS vulnerability in MyISAM (Oracle CPU April 2012)↗2012-04-17

▶

💬Community

Bugzilla

CVE-2012-4230 tinymce: XSS attacks via security policy bypass↗2014-04-25

▶

Bugzilla

CVE-2012-6612 CVE-2013-6407 Apache Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler↗2013-11-29

▶

Bugzilla

CVE-2013-4442 pwgen: silent fallback to insecure entropy↗2013-10-17

▶

Bugzilla

CVE-2013-2067 CVE-2012-3544 tomcat6 various flaws [fedora-all]↗2013-05-10

▶

Bugzilla

CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks↗2013-05-03

▶