CVE-2017-12544 Hewlett Packard Enterprise, HP System Management Homepage Software prior to 7.6.1 Cross-site Scripting (XSS)

The HP System Management Homepage (SMH) is a web-based interface that consolidates and simplifies the management of ProLiant and Integrity servers running Microsoft Windows or Linux, or HP 9000 and HP Integrity servers running HP-UX 11i.

Original Advisory:

See also:

Learn Pentesting like a Pro
HPE SMH XSS DOM-Based found
Product: HPE System Management Homepage Versions: ALL versions and platforms affected (Tested on v7.6.0.11 for MS Windows) Vulnerability: JavaScript Injection in file gsearch.php, parameter prod OWASP TOP 10: A1 Injection Type: Javascript Injection Impact…
Read more






Leave a Reply

Your email address will not be published. Required fields are marked *