XSS in Hp Business_availability_center

CVE-2011-0274

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.009 (75.3th percentile) — read the EPSS interpretation.

Affected products

Hp Business_availability_center — versions 7.0, 7.55, 8.0
Hp Business_service_management — versions 9.01
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

SSRT100342 (Vendor Advisory, x_refsource_HP, vendor-advisory)
43014 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
1024986 (vdb-entry, x_refsource_SECTRACK)
ADV-2011-0188 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
hp-bac-bsm-xss(64846) (vdb-entry, x_refsource_XF)
45944 (vdb-entry, x_refsource_BID)
43018 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)