Cross-Site Scripting Vulnerability in HP Business Availability Center
CVE-2011-1856

Currently unrated

Key Information:

Vendor: HP
Status: Business Availability Center
Vendor: CVE Published:; 16 May 2011

Summary

A cross-site scripting (XSS) vulnerability exists in HP Business Availability Center (BAC) 8.06 and earlier versions, allowing remote attackers to inject arbitrary web scripts or HTML. This security flaw can be exploited through unspecified vectors, potentially compromising the integrity and confidentiality of user data, and allowing attackers to perform actions on behalf of users without their consent.

References

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=em...

vendor-advisoryx_refsource_HP

http://www.itrc.hp.com/service/cki/docDisplay.do?docId=em...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id?1025535

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 16, 2011
Vulnerability Reserved
May 3, 2011