ByteOS

cpe:2.3:a:hp:systems_insight_manager:*:*:*:*:*:*:*:*

>>systems_insight_manager>>Versions up to 7.3(inclusive)

cpe:2.3:a:hp:systems_insight_manager:7.0:*:*:*:*:*:*:*

>>systems_insight_manager>>7.0

cpe:2.3:a:hp:systems_insight_manager:7.1:*:*:*:*:*:*:*

>>systems_insight_manager>>7.1

cpe:2.3:a:hp:systems_insight_manager:7.2:*:*:*:*:*:*:*

>>systems_insight_manager>>7.2

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

CWE ID: CWE-20

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securitytracker.com/id/1030970	hp-security-alert@hp.com	N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121	hp-security-alert@hp.com	N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121	hp-security-alert@hp.com	N/A
http://www.securitytracker.com/id/1030970	af854a3a-2127-422b-91ae-364da2661108	N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121	af854a3a-2127-422b-91ae-364da2661108	N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://www.securitytracker.com/id/1030970

Source: hp-security-alert@hp.com

Resource: N/A

Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121

Source: hp-security-alert@hp.com

Resource: N/A

Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121

Source: hp-security-alert@hp.com

Resource: N/A

Hyperlink: http://www.securitytracker.com/id/1030970

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

728Records found

CVE-2007-6343

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.40% / 59.53%

7 Day CHG~0.00%

Published-13 Dec, 2007 | 22:00

Updated-07 Aug, 2024 | 16:02

Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-openview_network_node_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-5441

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.67% / 70.50%

7 Day CHG~0.00%

Published-12 Nov, 2015 | 02:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-archsight_management_center arcsight_logger n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-5444

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-18 Oct, 2015 | 10:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-smart_profile_server_data_analytics_layer n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-6232

Matching Score-8

Assigner-MITRE Corporation

Vendor-windriver santa_cruz_operation ftp n/a Linux Kernel Organization, Inc IBM Corporation Silicon Graphics, Inc.HP Inc.Sun Microsystems (Oracle Corporation)

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-1.26% / 78.57%

7 Day CHG~0.00%

Published-04 Dec, 2007 | 18:00

Updated-07 Aug, 2024 | 16:02

Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.

Product-solaris linux_kernel bsdos admin sco_unix hp-ux tru64 aix irix n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-4000

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-3.7||LOW

EPSS-93.91% / 99.87%

7 Day CHG~0.00%

Published-21 May, 2015 | 00:00

Updated-12 Apr, 2025 | 10:46

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

CVE-2007-4350

Matching Score-8

Assigner-Flexera Software LLC

Matching Score-8

Assigner-Flexera Software LLC

CVSS Score-4.3||MEDIUM

EPSS-0.80% / 73.01%

7 Day CHG~0.00%

Published-21 Oct, 2008 | 16:00

Updated-07 Aug, 2024 | 14:53

Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.

Vendor-n/a HP Inc.

Product-sitescope n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-3062

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-3.53% / 87.20%

7 Day CHG~0.00%

Published-06 Jun, 2007 | 01:00

Updated-07 Aug, 2024 | 14:05

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-system_management_homepage n/a

CVE-2021-26582

Matching Score-8

Matching Score-8

CVSS Score-6.1||MEDIUM

EPSS-0.30% / 52.80%

7 Day CHG~0.00%

Published-15 Apr, 2021 | 17:50

Updated-03 Aug, 2024 | 20:26

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).

Vendor-n/a Microsoft Corporation HP Inc.Red Hat, Inc.

Product-icewall_sso_dgfw windows enterprise_linux hp-ux IceWall SSO Dgfw

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-4406

Matching Score-8

Matching Score-8

Product-integrated_lights-out_3_firmware integrated_lights-out_4_firmware integrated_lights-out HP Integrated Lights-Out 3 (iLO 3), HPE Integrated Lights-Out 4 (iLO 4)

CVSS Score-6.1||MEDIUM

EPSS-0.53% / 66.46%

7 Day CHG-0.08%

Published-06 Aug, 2018 | 20:00

Updated-06 Aug, 2024 | 00:25

A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.

Vendor-HP Inc.Hewlett Packard Enterprise (HPE)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-11997

Matching Score-8

Matching Score-8

CVSS Score-6.1||MEDIUM

EPSS-0.42% / 61.01%

7 Day CHG~0.00%

Published-16 Jan, 2020 | 18:55

Updated-04 Aug, 2024 | 23:10

A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.

Vendor-HP Inc.Hewlett Packard Enterprise (HPE)

Product-enhanced_internet_usage_manager HPE enhanced Internet Usage Manager (eIUM)

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2640

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-2.12% / 83.42%

7 Day CHG~0.00%

Published-02 Oct, 2014 | 00:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-system_management_homepage n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-7896

Matching Score-8

Assigner-HP Inc.

Product-xp_p9000_device_manager xp_p9000_tiered_storage_manager xp_p9000_replication_manager xp7_global_link_manager_software n/a

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.60% / 68.34%

7 Day CHG~0.00%

Published-03 Mar, 2015 | 11:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-7881

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.60% / 68.34%

7 Day CHG~0.00%

Published-15 Jan, 2015 | 22:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-insight_control_server_deployment n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-4661

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-1.39% / 79.55%

7 Day CHG~0.00%

Published-10 Oct, 2014 | 01:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-records_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6220

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-10 May, 2014 | 01:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6198

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.93% / 75.20%

7 Day CHG~0.00%

Published-29 Dec, 2013 | 02:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-service_manager_web_client service_manager_web_tier service_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2647

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-2.05% / 83.14%

7 Day CHG~0.00%

Published-19 Oct, 2014 | 01:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-operations_agent n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4845

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-14 Dec, 2013 | 22:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-officejet_pro_8500_firmware officejet_pro_8500 n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-2644

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.67% / 70.39%

7 Day CHG~0.00%

Published-06 Oct, 2014 | 01:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Vendor-n/a HP Inc.

Product-systems_insight_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-2684

Matching Score-8

Assigner-Oracle

Matching Score-8

Assigner-Oracle

CVSS Score-5.9||MEDIUM

EPSS-1.17% / 77.84%

7 Day CHG~0.00%

Published-23 Apr, 2019 | 18:16

Updated-02 Oct, 2024 | 15:40

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2013-4802

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.78% / 72.82%

7 Day CHG~0.00%

Published-26 Jul, 2013 | 17:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565.

Vendor-n/a HP Inc.

Product-application_lifecycle_management n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6191

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-17 Dec, 2013 | 02:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-operations_orchestration n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-6222

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.88% / 74.40%

7 Day CHG~0.00%

Published-23 Aug, 2014 | 23:00

Updated-12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-service_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4842

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.86% / 74.19%

7 Day CHG~0.00%

Published-16 Nov, 2013 | 02:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-integrated_lights-out_4 integrated_lights-out_firmware n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4814

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-23 Sep, 2013 | 10:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-xp_9000_command_view n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2321

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-02 May, 2013 | 01:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.Microsoft Corporation

Product-windows service_manager_web_tier n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2337

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-14 Jun, 2013 | 18:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-service_center service_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2361

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-19 Jul, 2013 | 18:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-system_management_homepage n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-0132

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.75% / 72.15%

7 Day CHG~0.00%

Published-04 Apr, 2012 | 22:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.Microsoft Corporation

Product-business_availability_center windows n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-5184

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-2.21% / 83.77%

7 Day CHG~0.00%

Published-20 Sep, 2012 | 10:00

Updated-11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156.

Vendor-n/a HP Inc.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-0449

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.65% / 69.76%

7 Day CHG-0.21%

Published-31 Mar, 2010 | 17:35

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Vendor-n/a HP Inc.

Product-soa_registry_foundation n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-5219

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.60% / 68.34%

7 Day CHG~0.00%

Published-28 Apr, 2013 | 01:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-managed_printing_administration n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2003-0914

Matching Score-8

Assigner-MITRE Corporation

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-26.75% / 96.16%

7 Day CHG~0.00%

Published-02 Dec, 2003 | 05:00

Updated-03 Apr, 2025 | 01:03

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

CVE-2020-7140

Matching Score-8

Matching Score-8

CVSS Score-6.1||MEDIUM

EPSS-0.40% / 59.78%

7 Day CHG~0.00%

Published-08 Jul, 2020 | 13:39

Updated-04 Aug, 2024 | 09:18

A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess

Vendor-n/a Microsoft Corporation HP Inc.Red Hat, Inc.

Product-icewall_sso_dgfw windows icewall_sso_dfw enterprise_linux IceWall SSO Dfw; IceWall SSO Dgfw

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-4030

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.84% / 73.80%

7 Day CHG~0.00%

Published-01 Nov, 2010 | 19:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-insight_control_performance_management n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-4658

Matching Score-8

Assigner-IBM Corporation

Vendor-Microsoft Corporation HP Inc.IBM Corporation Linux Kernel Organization, Inc Oracle Corporation

Matching Score-8

Assigner-IBM Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.19% / 40.83%

7 Day CHG~0.00%

Published-16 Dec, 2020 | 20:35

Updated-16 Sep, 2024 | 19:24

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095.

Product-solaris sterling_file_gateway linux_kernel i hp-ux windows aix Sterling File Gateway

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3272

Matching Score-8

Assigner-HP Inc.

Product-color_laserjet_cp3525 laserjet_p4xxx color_laserjet_cm3530 color_laserjet_cp4xxx color_laserjet_cm60xx laserjet_p3015 color_laserjet_cp6015 n/a

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-06 Dec, 2012 | 11:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3251

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-16 Aug, 2012 | 10:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-service_manager_web_tier service_center_web_tier n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3255

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-08 Sep, 2012 | 10:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-business_availability_center n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-3279

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-06 Feb, 2013 | 11:00

Updated-11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2960

Matching Score-8

Assigner-CERT/CC

Product-arcsight_connector_appliance_firmware arcsight_connector_appliance arcsight_logger_appliance_firmware arcsight_logger_appliance n/a

Matching Score-8

Assigner-CERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.74% / 72.05%

7 Day CHG~0.00%

Published-08 Aug, 2012 | 10:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.

Vendor-n/a HP Inc.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-1996

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.58% / 67.81%

7 Day CHG~0.00%

Published-11 Mar, 2013 | 21:00

Updated-11 Apr, 2025 | 00:51

Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote attackers to modify data via unknown vectors.

Vendor-n/a HP Inc.

Product-systems_insight_manager n/a

CVE-2012-2021

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-16 Jul, 2012 | 17:00

Updated-11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-assetmanager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2001

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.64% / 69.54%

7 Day CHG~0.00%

Published-02 May, 2012 | 22:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a HP Inc.

Product-snmp_agents_for_linux n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2022

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.62% / 69.21%

7 Day CHG~0.00%

Published-07 Aug, 2012 | 19:00

Updated-11 Apr, 2025 | 00:51

Vendor-n/a HP Inc.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-6323

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-6.1||MEDIUM

EPSS-0.48% / 63.96%

7 Day CHG~0.00%

Published-17 Jun, 2019 | 15:55

Updated-04 Aug, 2024 | 20:16

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page.

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-3486

Matching Score-8

Matching Score-8

CVSS Score-4.6||MEDIUM

EPSS-0.30% / 53.16%

7 Day CHG~0.00%

Published-25 Jul, 2019 | 14:30

Updated-16 Sep, 2024 | 22:35

ArcSight Security Management Center stored cross site script issue in version prior to 2.9.1

Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1

Vendor-Micro Focus International Limited HP Inc.

Product-arcsight_management_center Arcsight Security Management Center

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-3485

Matching Score-8

Matching Score-8

CVSS Score-4.6||MEDIUM

EPSS-0.30% / 53.16%

7 Day CHG~0.00%

Published-24 Jul, 2019 | 15:30

Updated-17 Sep, 2024 | 02:06

ArcSight Logger stored cross site script issue in version prior to 6.7.1

Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1

Vendor-Micro Focus International Limited HP Inc.

Product-arcsight_logger ArcSight Logger

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-3480

Matching Score-8

Matching Score-8

CVSS Score-6.1||MEDIUM

EPSS-0.36% / 57.52%

7 Day CHG~0.00%

Published-25 Mar, 2019 | 16:03

Updated-04 Aug, 2024 | 19:12

Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.

Vendor-n/a HP Inc.

Product-arcsight_logger ArcSight Logger

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2011

Matching Score-8

Assigner-HP Inc.