Vulnerability Details : CVE-2011-2406
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2011-2406
- cpe:2.3:a:hp:openview_performance_insight:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_performance_insight:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_performance_insight:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_performance_insight:5.41:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_performance_insight:5.41.002:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_performance_insight:5.41.001:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2406
- 0.16%: Probability of exploitation activity in the next 30 days
- ~51%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2406
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST | |
CWE ids for CVE-2011-2406
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2406
- http://securityreason.com/securityalert/8333
  HP OpenView Performance Insight Unauthorized Access XSS - CXSecurity.com
- http://www.securityfocus.com/bid/49096
  HP OpenView Performance Insight Security Bypass and HTML Injection Vulnerabilities
- http://marc.info/?l=bugtraq&m=131292748121409&w=2
  '[security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Inje' - MARC (Vendor Advisory)