HP XP P9000 Command View Advanced Edition跨站脚本执行漏洞
HP XP P9000 Command View Advanced Edition跨站脚本执行漏洞
发布日期:2013-09-23
更新日期:2013-09-25
受影响系统:
HP XP P9000 Command View Advanced Edition 7.5.0-02
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2013-4814
HP XP P9000 Command View Advanced Edition是HP XP P9500、XP Disk Array产品的多功能设备管理器。
HP XP P9000 Command View Advanced Edition 7.5.0-02之前版本没有正确过滤某些输入,可导致在受影响用户浏览器中执行任意HTML和脚本代码。
<*来源:vendor
链接:http://secunia.com/advisories/54976/
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03898171
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
HP
--
HP已经为此发布了一个安全公告(HPSBST02919)以及相应补丁:
HPSBST02919:HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS)
链接:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03898171
评论暂时关闭