CVE-2007-4350

Published: Oct 21, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.

Affected (1)

Products: Hp: Sitescope

1 product

Sitescope

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Sitescope	Version 9.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://secunia.com/advisories/27126

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/secunia_research/2007-84/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://securityreason.com/securityalert/4447

Source: PSIRT-CNA@flexerasoftware.com

http://securitytracker.com/id?1021068

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/497548/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/bid/31816

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2008/2854

Source: PSIRT-CNA@flexerasoftware.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/45958

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27126