HP XP P9000 Command View Advanced Edition Cross-Site Scripting Vulnerability
Release date:
Updated on:
Affected Systems:
HP XP P9000 Command View Advanced Edition 7.5.0-02
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-4814
HP XP P9000 Command View Advanced Edition is a versatile Device Manager for HP XP P9500 and XP Disk Array products.
Versions earlier than HP XP P9000 Command View Advanced Edition 7.5.0-02 do not properly filter certain inputs, which allows arbitrary HTML and script code to be executed in an affected user's browser.
<* Source: vendor
Link: http://secunia.com/advisories/54976/
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03898171
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HP
--
HP has released a Security Bulletin (HPSBST02919) and corresponding patches for this issue:
HPSBST02919: HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS)
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03898171