Cross-site Scripting Vulnerability in HP Palm webOS Contacts Application
CVE-2010-4109

Currently unrated

Key Information:

Vendor: HP
Status: Palm Webos
Vendor: CVE Published:; 8 December 2010

Summary

A cross-site scripting (XSS) vulnerability exists in the Contacts Application of HP Palm webOS prior to version 2.0. This flaw enables remote attackers to inject arbitrary web scripts or HTML into the application through a specially crafted vCard file. If exploited, this vulnerability could allow attackers to execute malicious scripts in the context of the user's session, potentially compromising user data or interactions with the system.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://www.vupen.com/english/advisories/2010/3131

vdb-entryx_refsource_VUPEN

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Dec 8, 2010
Vulnerability Reserved
Oct 27, 2010