ByteOS Network

Vulnerability Details :

CVE-2010-3291

Assigner-hp

Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2

Published At-21 Oct, 2010 | 18:12

Updated At-07 Aug, 2024 | 03:03

Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:hp

Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2

Published At:21 Oct, 2010 | 18:12

Updated At:07 Aug, 2024 | 03:03

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://secunia.com/advisories/41901	third-party-advisory x_refsource_SECUNIA
http://www.securitytracker.com/id?1024615	vdb-entry x_refsource_SECTRACK
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850	vendor-advisory x_refsource_HP
http://www.securityfocus.com/bid/44261	vdb-entry x_refsource_BID
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850	vendor-advisory x_refsource_HP
http://www.vupen.com/english/advisories/2010/2737	vdb-entry x_refsource_VUPEN

Hyperlink: http://secunia.com/advisories/41901

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securitytracker.com/id?1024615

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850

Resource:

vendor-advisory

x_refsource_HP

Hyperlink: http://www.securityfocus.com/bid/44261

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850

Resource:

vendor-advisory

x_refsource_HP

Hyperlink: http://www.vupen.com/english/advisories/2010/2737

Resource:

vdb-entry

x_refsource_VUPEN

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/41901	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securitytracker.com/id?1024615	vdb-entry x_refsource_SECTRACK x_transferred
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850	vendor-advisory x_refsource_HP x_transferred
http://www.securityfocus.com/bid/44261	vdb-entry x_refsource_BID x_transferred
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850	vendor-advisory x_refsource_HP x_transferred
http://www.vupen.com/english/advisories/2010/2737	vdb-entry x_refsource_VUPEN x_transferred

Hyperlink: http://secunia.com/advisories/41901

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securitytracker.com/id?1024615

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850

Resource:

vendor-advisory

x_refsource_HP

x_transferred

Hyperlink: http://www.securityfocus.com/bid/44261

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850

Resource:

vendor-advisory

x_refsource_HP

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2010/2737

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:hp-security-alert@hp.com

Published At:21 Oct, 2010 | 19:00

Updated At:29 Apr, 2026 | 01:13

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/41901	hp-security-alert@hp.com	Vendor Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850	hp-security-alert@hp.com	N/A
http://www.securityfocus.com/bid/44261	hp-security-alert@hp.com	N/A
http://www.securitytracker.com/id?1024615	hp-security-alert@hp.com	N/A
http://www.vupen.com/english/advisories/2010/2737	hp-security-alert@hp.com	Vendor Advisory
http://secunia.com/advisories/41901	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/44261	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id?1024615	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2010/2737	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: http://secunia.com/advisories/41901

Source: hp-security-alert@hp.com

Resource:

Vendor Advisory

Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850

Source: hp-security-alert@hp.com

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/44261

Source: hp-security-alert@hp.com

Resource: N/A

Hyperlink: http://www.securitytracker.com/id?1024615

Source: hp-security-alert@hp.com

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2010/2737

Source: hp-security-alert@hp.com

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/41901

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/44261

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.securitytracker.com/id?1024615

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2010/2737

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Similar CVEs

12320Records found

CVE-2014-7896

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.60% / 69.50%

7 Day CHG~0.00%

Published-03 Mar, 2015 | 11:00

Updated-06 May, 2026 | 22:30

Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-xp_p9000_tiered_storage_manager xp_p9000_replication_manager xp7_global_link_manager_software xp_p9000_device_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-2684

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-6.50% / 91.20%

7 Day CHG~0.00%

Published-13 Oct, 2009 | 10:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.

Vendor-n/a HP Inc.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-4661

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-1.39% / 80.52%

7 Day CHG~0.00%

Published-10 Oct, 2014 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-records_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2640

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-2.12% / 84.31%

7 Day CHG~0.00%

Published-02 Oct, 2014 | 00:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-system_management_homepage n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2647

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-2.05% / 84.07%

7 Day CHG~0.00%

Published-19 Oct, 2014 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-operations_agent n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2644

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.67% / 71.50%

7 Day CHG~0.00%

Published-06 Oct, 2014 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Vendor-n/a HP Inc.

Product-systems_insight_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6222

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.88% / 75.52%

7 Day CHG~0.00%

Published-23 Aug, 2014 | 23:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-service_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6220

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-10 May, 2014 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-network_node_manager_i n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6191

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-17 Dec, 2013 | 02:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-operations_orchestration n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4833

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-16 Oct, 2013 | 10:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-service_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4845

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-14 Dec, 2013 | 22:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-officejet_pro_8500_firmware officejet_pro_8500 n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4842

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-16 Nov, 2013 | 02:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-integrated_lights-out_4 integrated_lights-out_firmware n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-1418

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.59% / 69.47%

7 Day CHG~0.00%

Published-19 May, 2009 | 19:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-system_management_homepage n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-1333

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.69% / 71.89%

7 Day CHG~0.00%

Published-17 Apr, 2009 | 14:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body.

Vendor-n/a HP Inc.

Product-deskjet_6840 n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2337

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-14 Jun, 2013 | 18:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-service_manager service_center n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-13986

Matching Score-10

Assigner-OpenText (formerly Micro Focus)

View Details

Matching Score-10

Assigner-OpenText (formerly Micro Focus)

CVSS Score-6.1||MEDIUM

EPSS-0.36% / 58.38%

7 Day CHG~0.00%

Published-29 Sep, 2017 | 14:00

Updated-13 May, 2026 | 00:24

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

Vendor-n/a HP Inc.

Product-arcsight_enterprise_security_manager arcsight_enterprise_security_manager_express n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-1036

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.53% / 67.57%

7 Day CHG~0.00%

Published-28 Apr, 2010 | 22:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-systems_insight_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-0204

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.78% / 73.79%

7 Day CHG~0.00%

Published-30 Jan, 2009 | 19:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-select_access n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-0449

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.65% / 70.90%

7 Day CHG~0.00%

Published-31 Mar, 2010 | 17:35

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Vendor-n/a HP Inc.

Product-soa_registry_foundation n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-4411

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.43% / 63.02%

7 Day CHG~0.00%

Published-13 Oct, 2008 | 18:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.

Vendor-n/a HP Inc.

Product-system_management_homepage n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-1663

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.39% / 59.97%

7 Day CHG~0.00%

Published-09 Jul, 2008 | 00:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-system_management_homepage n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2361

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-19 Jul, 2013 | 18:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-system_management_homepage n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-6343

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.66% / 71.24%

7 Day CHG~0.00%

Published-13 Dec, 2007 | 22:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-openview_network_node_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-6232

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-3.54% / 87.81%

7 Day CHG~0.00%

Published-04 Dec, 2007 | 18:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.

Vendor-windriver ftp santa_cruz_operation n/a IBM Corporation Sun Microsystems (Oracle Corporation)Linux Kernel Organization, Inc Silicon Graphics, Inc.HP Inc.

Product-admin hp-ux solaris aix irix sco_unix linux_kernel tru64 bsdos n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-5302

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.60% / 69.70%

7 Day CHG~0.00%

Published-09 Oct, 2007 | 18:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-hp-ux n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-4350

Matching Score-10

Assigner-Flexera Software LLC

View Details

Matching Score-10

Assigner-Flexera Software LLC

CVSS Score-4.3||MEDIUM

EPSS-0.80% / 74.13%

7 Day CHG~0.00%

Published-21 Oct, 2008 | 16:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.

Vendor-n/a HP Inc.

Product-sitescope n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-23697

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-6.1||MEDIUM

EPSS-0.30% / 53.43%

7 Day CHG~0.00%

Published-04 Apr, 2022 | 19:45

Updated-03 Aug, 2024 | 03:51

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Vendor-n/a HP Inc.

Product-oneview HPE OneView

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-23706

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-6.1||MEDIUM

EPSS-0.50% / 66.08%

7 Day CHG~0.00%

Published-17 May, 2022 | 20:01

Updated-03 Aug, 2024 | 03:51

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Vendor-n/a HP Inc.

Product-oneview HPE OneView

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-3486

Matching Score-10

Assigner-OpenText (formerly Micro Focus)

View Details

Matching Score-10

Assigner-OpenText (formerly Micro Focus)

CVSS Score-4.6||MEDIUM

EPSS-0.30% / 53.80%

7 Day CHG~0.00%

Published-25 Jul, 2019 | 14:30

Updated-16 Sep, 2024 | 22:35

ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1

Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1

Vendor-Micro Focus International Limited HP Inc.

Product-arcsight_management_center Arcsight Security Management Center

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-3485

Matching Score-10

Assigner-OpenText (formerly Micro Focus)

View Details

Matching Score-10

Assigner-OpenText (formerly Micro Focus)

CVSS Score-4.6||MEDIUM

EPSS-0.30% / 53.80%

7 Day CHG~0.00%

Published-24 Jul, 2019 | 15:30

Updated-17 Sep, 2024 | 02:06

ArcSight Logger stored cross site script issue in version prior to 6.7.1

Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1

Vendor-Micro Focus International Limited HP Inc.

Product-arcsight_logger ArcSight Logger

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6198

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.70% / 72.21%

7 Day CHG~0.00%

Published-29 Dec, 2013 | 02:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-service_manager service_manager_web_tier service_manager_web_client n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-5219

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.60% / 69.50%

7 Day CHG~0.00%

Published-28 Apr, 2013 | 01:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-managed_printing_administration n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4814

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-23 Sep, 2013 | 10:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-xp_9000_command_view n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-11997

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-6.1||MEDIUM

EPSS-0.48% / 65.12%

7 Day CHG-0.09%

Published-16 Jan, 2020 | 18:55

Updated-04 Aug, 2024 | 23:10

A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.

Vendor-HP Inc.Hewlett Packard Enterprise (HPE)

Product-enhanced_internet_usage_manager HPE enhanced Internet Usage Manager (eIUM)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3272

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-06 Dec, 2012 | 11:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-laserjet_p4xxx laserjet_p3015 color_laserjet_cp6015 color_laserjet_cm60xx color_laserjet_cp4xxx color_laserjet_cm3530 color_laserjet_cp3525 n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3255

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-08 Sep, 2012 | 10:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-business_availability_center n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2960

Matching Score-10

Assigner-CERT/CC

View Details

Matching Score-10

Assigner-CERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.74% / 73.19%

7 Day CHG~0.00%

Published-08 Aug, 2012 | 10:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.

Vendor-n/a HP Inc.

Product-arcsight_connector_appliance_firmware arcsight_logger_appliance_firmware arcsight_connector_appliance arcsight_logger_appliance n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3279

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-06 Feb, 2013 | 11:00

Updated-29 Apr, 2026 | 01:13

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-network_node_manager_i n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-3010

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.47% / 64.85%

7 Day CHG~0.00%

Published-15 Sep, 2010 | 19:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP System Management Homepage (SMH) was originally assigned CVE-2010-3010 due to a CNA error, but CVE-2010-3012 is the appropriate identifier for the SMH issue.

Vendor-n/a HP Inc.

Product-3crevf100-73 3com_officeconnect_gigabit_vpn_firewall_software n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4802

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.78% / 73.94%

7 Day CHG~0.00%

Published-26 Jul, 2013 | 17:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565.

Vendor-n/a HP Inc.

Product-application_lifecycle_management n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2022

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-1.17% / 78.87%

7 Day CHG~0.00%

Published-07 Aug, 2012 | 19:00

Updated-29 Apr, 2026 | 01:13

Vendor-n/a HP Inc.

Product-network_node_manager_i n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2001

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.64% / 70.66%

7 Day CHG~0.00%

Published-02 May, 2012 | 22:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-snmp_agents_for_linux n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-11992

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-6.1||MEDIUM

EPSS-1.61% / 81.97%

7 Day CHG~0.00%

Published-18 Dec, 2019 | 15:59

Updated-04 Aug, 2024 | 23:10

A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting.

Vendor-n/a HP Inc.

Product-oneview_for_vmware_vcenter HPE OneView for VMware vCenter with Operations Manager and Log Insight

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2011

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-13 Jun, 2012 | 20:00

Updated-29 Apr, 2026 | 01:13

Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-web_jetadmin n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2008

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.67% / 71.63%

7 Day CHG~0.00%

Published-09 May, 2012 | 10:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-performance_insight n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2021

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 70.33%

7 Day CHG~0.00%

Published-16 Jul, 2012 | 17:00

Updated-29 Apr, 2026 | 01:13

Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-assetmanager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-4156

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-1.76% / 82.79%

7 Day CHG~0.00%

Published-16 Nov, 2011 | 22:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.

Vendor-n/a HP Inc.

Product-network_node_manager_i n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-5184

Matching Score-10

Assigner-MITRE Corporation

View Details

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-2.64% / 85.88%

7 Day CHG~0.00%

Published-20 Sep, 2012 | 10:00

Updated-29 Apr, 2026 | 01:13

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156.

Vendor-n/a HP Inc.

Product-network_node_manager_i n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-4155

Matching Score-10

Assigner-HP Inc.

View Details

Matching Score-10

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-1.76% / 82.79%

7 Day CHG~0.00%

Published-16 Nov, 2011 | 22:00

Updated-29 Apr, 2026 | 01:13

Vendor-n/a HP Inc.

Product-network_node_manager_i n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-7075

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-10

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-6.1||MEDIUM

EPSS-0.45% / 63.95%

7 Day CHG~0.00%

Published-06 Aug, 2018 | 20:00

Updated-05 Aug, 2024 | 06:17

A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version.

Vendor-HP Inc.Hewlett Packard Enterprise (HPE)

Product-intelligent_management_center HPE Intelligent Management Center (IMC)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-3291

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs