CVE-2012-3251

Published: Aug 16, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (4)

Products: Hp: Service Center Web Tier, Service Manager Web Tier

2 products

Service Center Web Tier

Service Manager Web Tier

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Hp Service Center Web Tier	Version 6.28
Hp Service Manager Web Tier	Version 7.11
Hp Service Manager Web Tier	Version 9.21
Hp Service Manager Web Tier	Version 9.30

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450382

Source: hp-security-alert@hp.com

Vendor Advisory

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450382

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.