Vigil@nce - HP NNMi: Cross Site Scripting
February 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting on the web server
of HP Network Node Manager i, in order to execute JavaScript code
in the context of the site.
– Impacted products: HP NNMi
– Severity: 2/4
– Creation date: 01/02/2013
DESCRIPTION OF THE VULNERABILITY
The HP NNMi (Network Node Manager i) product contains a web server.
However, one page of this web server does not filter its input,
before injecting them in a generated HTML document. Technical
details are unknown.
An attacker can therefore trigger a Cross Site Scripting on the
web server of HP Network Node Manager i, in order to execute
JavaScript code in the context of the site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/HP-NNMi-Cross-Site-Scripting-12364