Vulnerability Name:

CVE-2007-5302 (CCN-36990)

Assigned:2007-10-03
Published:2007-10-03
Updated:2017-09-29
Summary:Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-5302

Source: CCN
Type: HP Security Bulletin HPSBMA02274 SSRT071445
HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS)

Source: HP
Type: UNKNOWN
SSRT071445

Source: CCN
Type: HP Security Bulletin HPSBMA02275 SSRT071445
HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)

Source: HP
Type: Patch
HPSBMA02275

Source: OSVDB
Type: UNKNOWN
37603

Source: CCN
Type: SA27067
HP System Management Homepage Unspecified Cross-Site Scripting

Source: SECUNIA
Type: Patch, Vendor Advisory
27067

Source: CCN
Type: SECTRACK ID: 1018775
HP System Management Homepage Input Validation Hole Permits Cross-Site Scripting Attacks

Source: CCN
Type: OSVDB ID: 37603
HP System Management Homepage (SMH) Unspecified XSS

Source: BID
Type: UNKNOWN
25953

Source: CCN
Type: BID-25953
HP System Management Homepage (SMH) for Linux, Windows, and HP-UX Cross Site Scripting Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018775

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3387

Source: XF
Type: UNKNOWN
hp-homepage-xss(36990)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5773

Vulnerable Configuration:Configuration 1:
  • cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.31:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5773
    V
    		HP System Management Homepage (SMH) for HP-UX, Remote Cross Site Scripting (XSS)
    2014-03-24
    BACK
    hp hp-ux 11.11
    hp hp-ux 11.23
    hp hp-ux 11.31
    hp system management homepage 2.1
    hp system management homepage 2.1.1
    hp system management homepage 2.1.2
    hp system management homepage 2.1.3
    hp system management homepage 2.1.4
    hp system management homepage 2.1.5
    hp system management homepage 2.1.6
    hp system management homepage 2.1.7
    hp system management homepage 2.1.8
    hp system management homepage 2.1.9
    hp hp-ux b.11.11
    hp hp-ux b.11.23
    hp hp-ux b.11.31