Cross-Site Scripting Vulnerability in HP Business Availability Center
CVE-2012-3255

Currently unrated

Key Information:

Vendor: HP
Status: Business Availability Center
Vendor: CVE Published:; 8 September 2012

What is CVE-2012-3255?

A cross-site scripting (XSS) vulnerability exists in HP Business Availability Center version 8.07, allowing remote attackers to inject arbitrary web scripts or HTML into the application. This could be exploited through various unspecified vectors, potentially compromising user sessions and leading to unauthorized actions on behalf of the user. Best practices for mitigating XSS vulnerabilities should be implemented to safeguard against such attacks.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://osvdb.org/85250

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2012
Vulnerability Reserved
Jun 6, 2012