{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"HP System Management Homepage (SMH) sur HP-UX versions B.11.11, B.11.23 et B.11.31.","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"HP System Management Homepage (SMH) versions ant\u00e9rieures \u00e0 2.1.10 (pour GNU/Linux et Microsoft Windows) ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nLe manque de contr\u00f4le du contenu d'un argument envoy\u00e9 \u00e0 HP System\nManagement Homepage (SMH) permet \u00e0 un individu malveillant de r\u00e9aliser\nde l'injection de code indirecte \u00e0 distance (Cross Site Scripting ou\nXSS).\n\n## Solution\n\nLa version 2.1.10-186 pour GNU/Linux et Microsoft Windows corrige le\nprobl\u00e8me. Les correctifs PHSS_36869, PHSS_36870 et PHSS_36871 pour HP-UX\ncorrigent le probl\u00e8me. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur\npour l'obtention des correctifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-5302","url":"https://www.cve.org/CVERecord?id=CVE-2007-5302"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 HP c01183265 du 03 octobre 2007 :","url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=c01183265"},{"title":"Bulletin de s\u00e9curit\u00e9 HP c01183597 du 03 octobre 2007 :","url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=c01183597"}],"reference":"CERTA-2007-AVI-435","revisions":[{"description":"version initiale.","revision_date":"2007-10-10T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence CVE.","revision_date":"2008-02-14T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"}],"summary":"Une vuln\u00e9rabilit\u00e9 de HP System Management Homepage (SMH) permet\nl'ex\u00e9cution de code indirecte \u00e0 distance.\n","title":"Vuln\u00e9rabilit\u00e9 dans HP System Management Homepage","vendor_advisories":[{"published_at":null,"title":"Bulletins de s\u00e9curit\u00e9 HP c01183265 et c01183597 du 03 octobre 2007","url":null}]}