Test ID:	1.3.6.1.4.1.25623.1.0.800189
Category:	Web application abuses
Title:	HP/HPE System Management Homepage (SMH) Insight Diagnostics Multiple XSS Vulnerabilities (HPSBMA02571)
Summary:	HP/HPE System Management Homepage (SMH) with Insight Diagnostics is; prone to multiple cross-site scripting (XSS) vulnerabilities.
Description:	Summary: HP/HPE System Management Homepage (SMH) with Insight Diagnostics is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaws are caused by input validation errors in the 'parameters.php', 'idstatusframe.php', 'survey.php', 'globals.php' and 'custom.php' pages, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Vulnerability Impact: Successful exploitation will allow attackers to inject arbitrary HTML code in the context of an affected site. Affected Software/OS: HP/HPE SMH Insight Diagnostics Online Edition before 8.5.0-11. Solution: The vendor has released updates. Please see the referenced vendor advisory for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3003 HPdes Security Advisory: HPSBMA02571 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472 HPdes Security Advisory: SSRT100034 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05 http://www.vupen.com/english/advisories/2010/2245
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.