Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5184

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-5184
Last Modified 20 Sep 2012 12:00:00
Published 20 Sep 2012 06:55:28
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5184

Summary

Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156.

Vulnerable Systems

Application

  • Hp Network Node Manager I 9.10


References

XF - nnmi-field-xss(71528)

XF - nnmi-node-xss(71527)

BID - 50806

BUGTRAQ - 20111123 0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10

SECUNIA - 46941

OSVDB - 77401

OSVDB - 77400

OSVDB - 77399

OSVDB - 77398

OSVDB - 77397

OSVDB - 77396

MISC - http://0a29.blogspot.com/2011/11/0a29-11-1-cross-site-scripting.html


Last Updated: 27 May 2016 11:00:45