Cross-Site Scripting Vulnerability in HP Operations Orchestration
CVE-2010-3985

Currently unrated

Key Information:

Vendor: HP
Status: Operations Orchestration
Vendor: CVE Published:; 26 October 2010

Summary

A Cross-Site Scripting (XSS) vulnerability exists in HP Operations Orchestration versions prior to 9.0 when viewed in Internet Explorer 6.0. The flaw allows remote attackers to inject arbitrary web scripts or HTML into the application potentially compromising the security of the system and its users. This occurs through unspecified vectors that exploit the application's handling of user-supplied data. It is advisable for users to upgrade to a secure version and implement necessary mitigations to avoid potential exploitation.

References

http://www.securityfocus.com/bid/44331

vdb-entryx_refsource_BID

http://secunia.com/advisories/41983

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/62727

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 26, 2010
Vulnerability Reserved
Oct 18, 2010