CVE-2011-1726 : Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published 2011-05-03 20:55:12

Updated 2025-04-11 00:51:22

Source HP Inc.

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2011-1726

HP » Sitescope » Version: 10.13
cpe:2.3:a:hp:sitescope:10.13:*:*:*:*:*:*:*
Matching versions
HP » Sitescope » Version: 11.01
cpe:2.3:a:hp:sitescope:11.01:*:*:*:*:*:*:*
Matching versions
HP » Sitescope » Version: 9.54
cpe:2.3:a:hp:sitescope:9.54:*:*:*:*:*:*:*
Matching versions
HP » Sitescope » Version: 11.1
cpe:2.3:a:hp:sitescope:11.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-1726

EPSS FAQ

1.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-1726

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-1726

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1726

http://marc.info/?l=bugtraq&m=130374351406700&w=2

'[security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML' - MARC
Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id?1025436

HP SiteScope Input Validation Flaws Permit Cross-Site Scripting and HTML Injection Attacks - SecurityTracker

CVEs referencing this url
http://secunia.com/advisories/44322

Sign in

CVEs referencing this url
http://securityreason.com/securityalert/8235

HP SiteScope, Cross Site Scripting (XSS) and HTML - CXSecurity.com

CVEs referencing this url
http://secunia.com/advisories/44354

Sign in

CVEs referencing this url
http://www.securityfocus.com/bid/47554

HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities

CVEs referencing this url
http://osvdb.org/72060
http://www.vupen.com/english/advisories/2011/1091

Webmail | OVH- OVH

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/67018

HP SiteScope unspecified cross-site scripting CVE-2011-1726 Vulnerability Report

Jump to

Vulnerability Details : CVE-2011-1726

Products affected by CVE-2011-1726

Exploit prediction scoring system (EPSS) score for CVE-2011-1726

CVSS scores for CVE-2011-1726

CWE ids for CVE-2011-1726

References for CVE-2011-1726