CVE-2010-0452

EPSS 0.67%
Published 29.03.2010 18:30:00
Last modified 11.04.2025 00:51:21
Source hp-security-alert@hp.com
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ Project And Portfolio Management Center Updatesp10 Version <= 7.1

Hp ≫ Hp-ux Versionb.11.23

Hp ≫ Project And Portfolio Management Center Updatesp3 Version <= 7.5

Hp ≫ Hp-ux Versionb.11.23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.67%	0.703

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://marc.info/?l=bugtraq&m=126953216625011&w=2

Vendor Advisory

http://secunia.com/advisories/39105

Vendor Advisory

http://securitytracker.com/id?1023749

http://www.osvdb.org/63175

http://www.securityfocus.com/bid/38961

https://nvd.nist.gov/vuln/detail/CVE-2010-0452

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0452

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0452

EUVD