Test ID:	1.3.6.1.4.1.25623.1.0.103200
Category:	Web application abuses
Title:	HP OpenView Performance Insight Security Bypass and HTML Injection Vulnerabilities
Summary:	HP OpenView Performance Insight is prone to a security-bypass; vulnerability and an HTML-injection vulnerability.
Description:	Summary: HP OpenView Performance Insight is prone to a security-bypass vulnerability and an HTML-injection vulnerability. Vulnerability Impact: An attacker may leverage the HTML-injection issue to inject hostile HTML and script code that would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. The attacker may leverage the security-bypass issue to bypass certain security restrictions and perform unauthorized actions in the affected application. Solution: Vendor updates are available. Please see the references for details. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2406 BugTraq ID: 49096 http://www.securityfocus.com/bid/49096 HPdes Security Advisory: HPSBMU02695 http://marc.info/?l=bugtraq&m=131292748121409&w=2 HPdes Security Advisory: SSRT100480 http://securityreason.com/securityalert/8333 Common Vulnerability Exposure (CVE) ID: CVE-2011-2407 Common Vulnerability Exposure (CVE) ID: CVE-2011-2410 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02942411
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.