4.3

CVE-2010-3012

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error.

Data is provided by the National Vulnerability Database (NVD)
HpSystem Management Homepage Version <= 6.1
HpSystem Management Homepage Version2.0.0
HpSystem Management Homepage Version2.0.1
HpSystem Management Homepage Version2.0.1.104
HpSystem Management Homepage Version2.0.2
HpSystem Management Homepage Version2.0.2.106
HpSystem Management Homepage Version2.1.0-103
HpSystem Management Homepage Version2.1.0-109
HpSystem Management Homepage Version2.1.0-118
HpSystem Management Homepage Version2.1.0.121
HpSystem Management Homepage Version2.1.1
HpSystem Management Homepage Version2.1.2
HpSystem Management Homepage Version2.1.2-127
HpSystem Management Homepage Version2.1.2.127
HpSystem Management Homepage Version2.1.3
HpSystem Management Homepage Version2.1.3.132
HpSystem Management Homepage Version2.1.4
HpSystem Management Homepage Version2.1.4-143
HpSystem Management Homepage Version2.1.4.143
HpSystem Management Homepage Version2.1.5
HpSystem Management Homepage Version2.1.5-146
HpSystem Management Homepage Version2.1.5.146
HpSystem Management Homepage Version2.1.5.146 Updateb
HpSystem Management Homepage Version2.1.6
HpSystem Management Homepage Version2.1.6-156
HpSystem Management Homepage Version2.1.6.156
HpSystem Management Homepage Version2.1.7
HpSystem Management Homepage Version2.1.7-168
HpSystem Management Homepage Version2.1.7.168
HpSystem Management Homepage Version2.1.8
HpSystem Management Homepage Version2.1.8-177
HpSystem Management Homepage Version2.1.8.179
HpSystem Management Homepage Version2.1.9
HpSystem Management Homepage Version2.1.9-178
HpSystem Management Homepage Version2.1.10
HpSystem Management Homepage Version2.1.10-186
HpSystem Management Homepage Version2.1.10.186
HpSystem Management Homepage Version2.1.10.186 Updateb
HpSystem Management Homepage Version2.1.10.186 Updatec
HpSystem Management Homepage Version2.1.11
HpSystem Management Homepage Version2.1.11-197
HpSystem Management Homepage Version2.1.11.197 Updatea
HpSystem Management Homepage Version2.1.12-118
HpSystem Management Homepage Version2.1.12-200
HpSystem Management Homepage Version2.1.12.201
HpSystem Management Homepage Version2.1.14.20
HpSystem Management Homepage Version2.1.15-210
HpSystem Management Homepage Version2.1.15.210
HpSystem Management Homepage Version2.2.6
HpSystem Management Homepage Version2.2.8
HpSystem Management Homepage Version3.0.0-68
HpSystem Management Homepage Version3.0.0.64
HpSystem Management Homepage Version3.0.1-73
HpSystem Management Homepage Version3.0.1.73
HpSystem Management Homepage Version3.0.2-77
HpSystem Management Homepage Version3.0.2.77
HpSystem Management Homepage Version3.0.2.77 Updateb
HpSystem Management Homepage Version6.0.0-95
HpSystem Management Homepage Version6.0.0.96
HpSystem Management Homepage Version6.1.0-103
HpSystem Management Homepage Version6.1.0.102
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.76% 0.71
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.