Intrusion Prevention

HPE.System.Management.Homepage.XSS

Description

This indicates an attack attempt against a Cross-Site Scripting (XSS) vulnerability in HP System Management Homepage.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted HTTP request. A remote attacker can exploit this to execute arbitrary script code within the context of the user's browser.

Affected Products

HP System Management Homepage before v7.6.1

Impact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us

CVE References

CVE-2017-12544