Cross-site Scripting Vulnerability in HP Service Manager and Service Center

CVE-2012-3251

Summary

A cross-site scripting (XSS) vulnerability exists in HP Service Manager Web Tier versions 7.11, 9.21, and 9.30, as well as HP Service Center Web Tier version 6.28. This flaw allows remote attackers to inject arbitrary web scripts or HTML into web pages viewed by users, potentially enabling data theft or user impersonation. Attackers can exploit this vulnerability through unspecified vectors, emphasizing the need for prompt updates and adequate security measures.

References