FKIE_CVE-2008-4411

Vulnerability from fkie_nvd - Published: 2008-10-13 20:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=122356588429626&w=2
cve@mitre.orghttp://secunia.com/advisories/32199Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/4398
cve@mitre.orghttp://securitytracker.com/id?1021015
cve@mitre.orghttp://www.securityfocus.com/bid/31663Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2778
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/45754
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122356588429626&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32199Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4398
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1021015
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31663Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2778
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45754
Impacted products
Vendor Product Version
hp system_management_homepage *
hp system_management_homepage 2.0.0
hp system_management_homepage 2.0.1
hp system_management_homepage 2.0.2
hp system_management_homepage 2.1
hp system_management_homepage 2.1.0-103
hp system_management_homepage 2.1.0-103\(a\)
hp system_management_homepage 2.1.0-109
hp system_management_homepage 2.1.0-118
hp system_management_homepage 2.1.1
hp system_management_homepage 2.1.2
hp system_management_homepage 2.1.2-127
hp system_management_homepage 2.1.3
hp system_management_homepage 2.1.3.132
hp system_management_homepage 2.1.4
hp system_management_homepage 2.1.4-143
hp system_management_homepage 2.1.5
hp system_management_homepage 2.1.5-146
hp system_management_homepage 2.1.6
hp system_management_homepage 2.1.6-156
hp system_management_homepage 2.1.7
hp system_management_homepage 2.1.7-168
hp system_management_homepage 2.1.8
hp system_management_homepage 2.1.8-177
hp system_management_homepage 2.1.9
hp system_management_homepage 2.1.9-178
hp system_management_homepage 2.1.10
hp system_management_homepage 2.1.10-186
hp system_management_homepage 2.1.11
hp system_management_homepage 2.1.11-197
hp system_management_homepage 2.1.12-118
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8066A84-6198-4E4B-85AF-B3C99B3F7CB6",
              "versionEndIncluding": "2.1.12-200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9A9442-18B7-4858-AB3A-19FE272A5C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90042282-9151-4D8E-8093-D85E57BD332C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3EF92B4-AAC3-4957-9D8F-1796C2045962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44CEFC1-CE95-4549-A981-C3F259075B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C035D5C-90ED-4259-B05C-BEF93D81F42F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.0-103\\(a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "824996A5-C2CC-4FC5-8705-F6B4D69F39B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DBF9F0E-AA30-4E5A-B23E-DD895303245C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2005B3-1914-4B4B-892A-8CCC0F39EF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA42455-F9B9-49BD-BAFA-4A02C554ECE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6426924C-AA5C-4C93-AB8B-9314CD010139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.2-127:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D7DCF4F-609A-497B-A32E-3D946EC2EE07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E5C789-9827-47DF-A47C-454DF7687E59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.3.132:*:*:*:*:*:*:*",
              "matchCriteriaId": "D85F0390-B076-4B54-9E4E-67472FF3759E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29FE29FC-AD24-4C89-9AAC-9D49C54A5CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.4-143:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECF53BE-0E3A-41F8-AFD2-29CA3F2D0C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EBB25A-A1DE-4943-9EE5-0FCF21A55666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.5-146:*:*:*:*:*:*:*",
              "matchCriteriaId": "C43EF082-E9AB-41D3-B7AF-936B84BB6AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61485E4-6EC1-4886-AB47-F5BC8E72A08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.6-156:*:*:*:*:*:*:*",
              "matchCriteriaId": "203163D8-15E8-4F2D-A807-7643EA0D6920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E354FF4-5CDD-4B79-B56C-2C774B235D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.7-168:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAC9CEFE-23C2-4455-BE6F-51D26487D3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3DACC6F-DCE8-4890-BE47-488CB7B2DF77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.8-177:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0DA8D6-3B1D-4935-855E-9431EB4BA683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFAF26C-7BFE-479E-880C-B13E78780625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.9-178:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC95912B-8C95-4CA8-BDA7-76074E20E362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3162C720-A042-48D8-A598-5CC9845C5715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.10-186:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDD728B-9E92-4EC8-BD61-6E1AE300CE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABEEE1E4-1883-411E-A4BA-985041880439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.11-197:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3E3BC1-A986-4942-80FA-5911428F8E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:system_management_homepage:2.1.12-118:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038AC00-8A30-49CB-956D-715053A920D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en versiones de HP System Management Homepage (SMH) anteriores a la 2.1.15.210 en Linux y Windows permite a atacantes remotos inyectar c\u00f3digo HTML o secuencias de comandos web o arbitrarios a trav\u00e9s de vectores no especificados. Se trata de una vulnerabilidad diferente a la CVE-2008-1663."
    }
  ],
  "id": "CVE-2008-4411",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-10-13T20:00:02.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=122356588429626\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32199"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4398"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1021015"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31663"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2778"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=122356588429626\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45754"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.