CVE-2014-7896

Published: Mar 3, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (4)

Products: Hp: Xp7 Global Link Manager Software, Xp P9000 Device Manager, Xp P9000 Replication Manager, Xp P9000 Tiered Storage Manager

4 products

Xp7 Global Link Manager Software

Xp P9000 Device Manager

Xp P9000 Replication Manager

Xp P9000 Tiered Storage Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Hp Xp7 Global Link Manager Software	Up to 8.1.1
Hp Xp P9000 Device Manager	Up to 8.1.1
Hp Xp P9000 Replication Manager	Up to 7.6.1
Hp Xp P9000 Tiered Storage Manager	Up to 8.1.1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securitytracker.com/id/1031828

Source: hp-security-alert@hp.com

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371

Source: hp-security-alert@hp.com

http://www.securitytracker.com/id/1031828

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.