Cross-site Scripting Vulnerability in HP Performance Insight for Networks
CVE-2012-2008

Currently unrated

Key Information:

Vendor: HP
Status: Performance Insight
Vendor: CVE Published:; 9 May 2012

Summary

A cross-site scripting (XSS) vulnerability exists in HP Performance Insight for Networks versions 5.3.x, 5.41, 5.41.001, and 5.41.002. This flaw allows remote attackers to exploit unspecified vectors to inject arbitrary web scripts or HTML, which could potentially lead to unauthorized actions being performed in the user’s browser session. As such, it poses significant risks to the security and integrity of user interactions with the application.

References

http://secunia.com/advisories/49079

third-party-advisoryx_refsource_SECUNIA

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id?1027031

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 9, 2012
Vulnerability Reserved
Apr 2, 2012