cvelistv5 - cve-2011-1856

CVE-2011-1856 (GCVE-0-2011-1856)

Vulnerability from cvelistv5 – Published: 2011-05-16 18:00 – Updated: 2024-08-06 22:45

Summary

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

References

URL

Tags

	http://www.itrc.hp.com/service/cki/docDisplay.do?…	vendor-advisoryx_refsource_HP
	http://www.itrc.hp.com/service/cki/docDisplay.do?…	vendor-advisoryx_refsource_HP
	http://www.securitytracker.com/id?1025535	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/44569	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:45:59.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBMA02681",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
          },
          {
            "name": "SSRT100493",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
          },
          {
            "name": "1025535",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025535"
          },
          {
            "name": "44569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44569"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "HPSBMA02681",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
        },
        {
          "name": "SSRT100493",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
        },
        {
          "name": "1025535",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025535"
        },
        {
          "name": "44569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44569"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-1856",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBMA02681",
              "refsource": "HP",
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
            },
            {
              "name": "SSRT100493",
              "refsource": "HP",
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
            },
            {
              "name": "1025535",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025535"
            },
            {
              "name": "44569",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44569"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2011-1856",
    "datePublished": "2011-05-16T18:00:00",
    "dateReserved": "2011-05-03T00:00:00",
    "dateUpdated": "2024-08-06T22:45:59.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.06\", \"matchCriteriaId\": \"9722A0B1-C4F5-4B97-A33E-2FB7AD7AE7E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6225B39-0AC0-44F0-96C6-6A5B51F3A354\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:7.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C79FD56F-AEA9-44C8-A3FA-E075885CE220\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28CB6BA7-F5DA-4AFB-AF9B-E185EA808AC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:8.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1FC7BA7-60D7-4DD8-8FA5-037A3850A045\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:8.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20EAEB30-1B4A-4515-9B38-A7446923311D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:8.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"347E4EAC-2701-4257-A4D2-C501C410F587\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:8.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7742DF71-7EB5-4535-98EE-C436FB5F8D70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hp:business_availability_center:8.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F19F9808-E070-4085-8133-D6EB8C90F638\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Business Availability Center(BAC) v8.06 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s vectores no especificados.\\r\\n\"}]",
      "id": "CVE-2011-1856",
      "lastModified": "2024-11-21T01:27:11.480",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2011-05-16T18:55:01.307",
      "references": "[{\"url\": \"http://secunia.com/advisories/44569\", \"source\": \"hp-security-alert@hp.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025535\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"http://secunia.com/advisories/44569\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "hp-security-alert@hp.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1856\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2011-05-16T18:55:01.307\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Business Availability Center(BAC) v8.06 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s vectores no especificados.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.06\",\"matchCriteriaId\":\"9722A0B1-C4F5-4B97-A33E-2FB7AD7AE7E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6225B39-0AC0-44F0-96C6-6A5B51F3A354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:7.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79FD56F-AEA9-44C8-A3FA-E075885CE220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28CB6BA7-F5DA-4AFB-AF9B-E185EA808AC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:8.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1FC7BA7-60D7-4DD8-8FA5-037A3850A045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:8.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20EAEB30-1B4A-4515-9B38-A7446923311D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:8.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"347E4EAC-2701-4257-A4D2-C501C410F587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:8.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7742DF71-7EB5-4535-98EE-C436FB5F8D70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:business_availability_center:8.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F19F9808-E070-4085-8133-D6EB8C90F638\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/44569\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.securitytracker.com/id?1025535\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://secunia.com/advisories/44569\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2011-1856

Vulnerability from fkie_nvd - Published: 2011-05-16 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
hp-security-alert@hp.com	http://secunia.com/advisories/44569	Vendor Advisory
hp-security-alert@hp.com	http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184
hp-security-alert@hp.com	http://www.securitytracker.com/id?1025535
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44569	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025535

Impacted products

Vendor	Product	Version
hp	business_availability_center	*
hp	business_availability_center	7.0
hp	business_availability_center	7.55
hp	business_availability_center	8.0
hp	business_availability_center	8.01
hp	business_availability_center	8.02
hp	business_availability_center	8.03
hp	business_availability_center	8.04
hp	business_availability_center	8.05

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9722A0B1-C4F5-4B97-A33E-2FB7AD7AE7E7",
              "versionEndIncluding": "8.06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6225B39-0AC0-44F0-96C6-6A5B51F3A354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:7.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79FD56F-AEA9-44C8-A3FA-E075885CE220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28CB6BA7-F5DA-4AFB-AF9B-E185EA808AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:8.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1FC7BA7-60D7-4DD8-8FA5-037A3850A045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:8.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EAEB30-1B4A-4515-9B38-A7446923311D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:8.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E4EAC-2701-4257-A4D2-C501C410F587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "7742DF71-7EB5-4535-98EE-C436FB5F8D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:business_availability_center:8.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "F19F9808-E070-4085-8133-D6EB8C90F638",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en HP Business Availability Center(BAC) v8.06 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s vectores no especificados.\r\n"
    }
  ],
  "id": "CVE-2011-1856",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-16T18:55:01.307",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44569"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
    },
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://www.securitytracker.com/id?1025535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025535"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F57X-89FQ-RHWP

Vulnerability from github – Published: 2022-05-17 05:39 – Updated: 2022-05-17 05:39

Details

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1856"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-05-16T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-f57x-89fq-rhwp",
  "modified": "2022-05-17T05:39:43Z",
  "published": "2022-05-17T05:39:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1856"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44569"
    },
    {
      "type": "WEB",
      "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025535"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-300

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité de type injection de code indirecte à distance (XSS) a été identifiée dans HP Business Availibility Center.

Description

Une vulnérabilité a été corrigée dans HP Business Availibility Center. Certaines entrées n'étant pas correctement controlées, une personne malveillante distante peut réaliser de l'injection de code indirecte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HB Business Availibility Center (BAC) versions 8.06 et antérieures sur plates-formes Windows et Solaris.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HPSBMA02681 du 12 mai 2011	None	vendor-advisory
Bulletin de sécurité HP c02823184 du 12 mai 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHB Business Availibility Center (BAC)  versions 8.06 et ant\u00e9rieures sur plates-formes Windows et  Solaris.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans HP Business Availibility Center.\nCertaines entr\u00e9es n\u0027\u00e9tant pas correctement control\u00e9es, une personne\nmalveillante distante peut r\u00e9aliser de l\u0027injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1856"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02823184 du 12 mai 2011 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02823184"
    }
  ],
  "reference": "CERTA-2011-AVI-300",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-05-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance (\u003cspan\nclass=\"textit\"\u003eXSS\u003c/span\u003e) a \u00e9t\u00e9 identifi\u00e9e dans HP Business\nAvailibility Center.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans HP Business Availibility Center",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HPSBMA02681 du 12 mai 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-300

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité de type injection de code indirecte à distance (XSS) a été identifiée dans HP Business Availibility Center.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HB Business Availibility Center (BAC) versions 8.06 et antérieures sur plates-formes Windows et Solaris.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HPSBMA02681 du 12 mai 2011	None	vendor-advisory
Bulletin de sécurité HP c02823184 du 12 mai 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eHB Business Availibility Center (BAC)  versions 8.06 et ant\u00e9rieures sur plates-formes Windows et  Solaris.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans HP Business Availibility Center.\nCertaines entr\u00e9es n\u0027\u00e9tant pas correctement control\u00e9es, une personne\nmalveillante distante peut r\u00e9aliser de l\u0027injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1856"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02823184 du 12 mai 2011 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02823184"
    }
  ],
  "reference": "CERTA-2011-AVI-300",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-05-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance (\u003cspan\nclass=\"textit\"\u003eXSS\u003c/span\u003e) a \u00e9t\u00e9 identifi\u00e9e dans HP Business\nAvailibility Center.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans HP Business Availibility Center",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HPSBMA02681 du 12 mai 2011",
      "url": null
    }
  ]
}

GSD-2011-1856

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Aliases

CVE-2011-1856

Aliases

CVE-2011-1856

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1856",
    "description": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2011-1856"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1856"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2011-1856",
      "modified": "2023-12-13T01:19:08.550133Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "hp-security-alert@hp.com",
        "ID": "CVE-2011-1856",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "HPSBMA02681",
            "refsource": "HP",
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
          },
          {
            "name": "SSRT100493",
            "refsource": "HP",
            "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
          },
          {
            "name": "1025535",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025535"
          },
          {
            "name": "44569",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44569"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:8.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:8.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.06",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:8.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:7.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:8.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:business_availability_center:8.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-1856"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "44569",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44569"
            },
            {
              "name": "HPSBMA02681",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02823184"
            },
            {
              "name": "1025535",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025535"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-09-07T03:16Z",
      "publishedDate": "2011-05-16T18:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1856 (GCVE-0-2011-1856)

FKIE_CVE-2011-1856

GHSA-F57X-89FQ-RHWP

CERTA-2011-AVI-300

Description

Solution

CERTA-2011-AVI-300

Description

Solution

GSD-2011-1856

Tags

Sightings

Nomenclature