Cross-Site Scripting Vulnerabilities in HP Power Manager by HP
CVE-2011-0280

Currently unrated

Key Information:

Vendor: HP
Status: Power Manager
Vendor: CVE Published:; 14 March 2011

Summary

HP Power Manager versions 4.3.2 and earlier are vulnerable to multiple cross-site scripting (XSS) attacks. Attackers can exploit these vulnerabilities by injecting arbitrary web scripts or HTML via specific parameters in the application. Notably, the 'logType' parameter in Contents/exportlogs.asp, 'Id' in Contents/pagehelp.asp, and 'SORTORD' or 'SORTCOL' in Contents/applicationlogs.asp can be manipulated to deliver malicious content to unsuspecting users, posing significant security risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66035

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/46830

vdb-entryx_refsource_BID

http://secunia.com/advisories/43058

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 14, 2011
Vulnerability Reserved
Dec 23, 2010