CVE-2010-4111

Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=129245189832672&w=2	Vendor Advisory
http://www.securitytracker.com/id?1024897

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:hp:insight_diagnostics:8.3.0.3320::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.2.5.3157::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.9.0.2359::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.8.0.2257::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.0.0.1198::online:::::
	cpe:2.3:a:hp:insight_diagnostics:6.3.1.887::online:::::
	cpe:2.3:a:hp:insight_diagnostics:::online:::::*
	cpe:2.3:a:hp:insight_diagnostics:8.4.0.3521::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.0.0.2587::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.9.1.2401::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.5.5.1681::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.1.1.2784::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.2.0.3058::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.6.0.1984::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.1.5.2890::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.7.0.2112::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.0.1.1219::online:::::
	cpe:2.3:a:hp:insight_diagnostics:6.3.0.878::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.1.0.2718::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.5.0.1679::online:::::

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:hp:insight_diagnostics:8.3.0-14::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.1.5-311::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.7.0-142::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.6.0-23::online:::::
	cpe:2.3:a:hp:insight_diagnostics:6.3.0-15::online:::::
	cpe:2.3:a:hp:insight_diagnostics:::online:::::*
	cpe:2.3:a:hp:insight_diagnostics:8.4.0-18::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.3.1-105::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.9.0-105::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.8.0-159::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.0.0-30::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.0.1-8::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.4.0-11::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.9.1-15::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.1.1-206::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.1.0-136::online:::::
	cpe:2.3:a:hp:insight_diagnostics:6.3.1-1::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.5.0-14::online:::::
	cpe:2.3:a:hp:insight_diagnostics:8.0.0-210::online:::::
	cpe:2.3:a:hp:insight_diagnostics:7.5.5-1::online:::::

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Information

Published : 2010-12-22 13:00

Updated : 2011-01-10 22:45

NVD link : CVE-2010-4111

Mitre link : CVE-2010-4111

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

linux

linux_kernel

microsoft

windows

insight_diagnostics

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://marc.info/?l=bugtraq&m=129245189832672&w=2", "name": "HPSBMA02615", "tags": ["Vendor Advisory"], "refsource": "HP"}, {"url": "http://www.securitytracker.com/id?1024897", "name": "1024897", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4111", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-12-22T21:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.3.0.3320:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.2.5.3157:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.9.0.2359:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.8.0.2257:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.0.0.1198:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:6.3.1.887:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:*:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.5.0.3625"}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.4.0.3521:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.0.0.2587:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.9.1.2401:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.4.0.1570:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.5.5.1681:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.1.1.2784:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.2.0.3058:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.6.0.1984:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.1.5.2890:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.7.0.2112:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.0.1.1219:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:6.3.0.878:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.1.0.2718:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.5.0.1679:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.3.0-14:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.1.5-311:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.7.0-142:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.6.0-23:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:6.3.0-15:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:*:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.5.0-11"}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.4.0-18:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.3.1-105:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.9.0-105:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.8.0-159:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.0.0-30:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.0.1-8:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.4.0-11:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.9.1-15:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.1.1-206:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.1.0-136:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:6.3.1-1:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.5.0-14:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:8.0.0-210:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:insight_diagnostics:7.5.5-1:*:online:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-01-11T06:45Z"}

4.3 /10