Intrusion Prevention

HP.Insight.Diagnostics.XSS

Description

This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in the HP Insight Diagnostics.
The vulnerability is caused by an error when the vulnerable software handles a malicious uri. It allows a remote attacker to execute arbitrary code via sending a crafted request.

Affected Products

HP Insight Diagnostics Online Edition 8.4 and earlier.

Impact

System compromise.

Recommended Actions

Apply the patch supplied by the vendor:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472

CVE References

CVE-2010-3003