CVE-2011-0280

Published: Mar 14, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.

Affected (6)

Products: Hp: Power Manager

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Hp Power Manager	Up to 4.3.2
Hp Power Manager	Version 4.2.5
Hp Power Manager	Version 4.2.6
Hp Power Manager	Version 4.2.7
Hp Power Manager	Version 4.2.8
Hp Power Manager	Version 4.2.9

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html

Source: hp-security-alert@hp.com

http://secunia.com/advisories/43058

Source: hp-security-alert@hp.com

Vendor Advisory

http://www.securityfocus.com/bid/46830

Source: hp-security-alert@hp.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/66035

Source: hp-security-alert@hp.com

http://archives.neohapsis.com/archives/bugtraq/2011-03/0111.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43058

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/46830

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/66035

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.