Published: 05-02-2010
Updated: 26-03-2010
Product:
hp: system_management_homepage 2.0.0
hp: system_management_homepage 2.0.1
hp: system_management_homepage 2.0.2
hp: system_management_homepage 2.1
hp: system_management_homepage 2.1.0-103
hp: system_management_homepage 2.1.0-103(a)
hp: system_management_homepage 2.1.0-109
hp: system_management_homepage 2.1.0-118
hp: system_management_homepage 2.1.1
hp: system_management_homepage 2.1.10
hp: system_management_homepage 2.1.10-186
hp: system_management_homepage 2.1.11
hp: system_management_homepage 2.1.11-197
hp: system_management_homepage 2.1.12-118
hp: system_management_homepage 2.1.12-200
hp: system_management_homepage 2.1.15-210
hp: system_management_homepage 2.1.2
hp: system_management_homepage 2.1.2-127
hp: system_management_homepage 2.1.3
hp: system_management_homepage 2.1.3.132
hp: system_management_homepage 2.1.4
hp: system_management_homepage 2.1.4-143
hp: system_management_homepage 2.1.5
hp: system_management_homepage 2.1.5-146
hp: system_management_homepage 2.1.6
hp: system_management_homepage 2.1.6-156
hp: system_management_homepage 2.1.7
hp: system_management_homepage 2.1.7-168
hp: system_management_homepage 2.1.8
hp: system_management_homepage 2.1.8-177
hp: system_management_homepage 2.1.9
hp: system_management_homepage 2.1.9-178
hp: system_management_homepage 2.2.6
hp: system_management_homepage 2.2.8
hp: system_management_homepage 3.0.0-68
hp: system_management_homepage 3.0.1.73
hp: system_management_homepage 3.0.2.77
Severity: Medium (4.3)
CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Attack vector: Victim must voluntarily interact with attack mechanism
Potential loss type: Integrity
Vulnerability description:
Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.
Patch available: No
References:
VUPEN: http://www.vupen.com/english/advisories/2010/0294
SECTRACK: http://www.securitytracker.com/id?1023541
BID: http://www.securityfocus.com/bid/38081
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/509195/100/0/threaded ...
MISC: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-1 ...
SECUNIA: http://secunia.com/advisories/38341
HP: http://marc.info/?l=bugtraq&m=126529736830358&w=2
