XSS Vulnerability in HP Insight Recovery Software
CVE-2010-4101

Currently unrated

Key Information:

Vendor: HP
Status: Insight Recovery
Vendor: CVE Published:; 2 November 2010

Summary

HP Insight Recovery prior to version 6.2 contains a vulnerability that permits remote attackers to exploit cross-site scripting (XSS) flaws. These flaws allow malicious actors to inject arbitrary web scripts or HTML into the application via unspecified vectors. Such vulnerabilities can lead to unauthorized actions being performed in the context of the affected user’s session, potentially compromising sensitive information or the integrity of the affected system.

References

http://secunia.com/advisories/42037

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/44545

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2010/2830

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Nov 2, 2010
Vulnerability Reserved
Oct 27, 2010