Secunia Research has discovered a vulnerability in HP SiteScope, which can be exploited by malicious people to conduct script insertion attacks. The SiteScope server performs agent-less monitoring of the IT infrastructure and can be configured to receive SNMP traps from devices. The status of the SNMP monitor and the content of received SNMP trap messages can be viewed in the web interface. The received SNMP messages are rendered in the context of the management interface with no filtering or sanitizing. This can be exploited to execute arbitrary HTML and script code in a user's browser session when viewing the information. HP SiteScope 9.0 build 911 is affected.
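The missing control is output encoding of device-supplied trap content before it reaches the management page. The following is an added example, not code from HP SiteScope or from the advisory; the trap record layout, field names and sample values are constructed assumptions.

```python
import html

# Constructed sample: a received trap whose OCTET STRING value carries markup.
# Field names and layout are assumptions, not SiteScope's data model.
SAMPLE_TRAP = {
    "source": "192.0.2.10",
    "oid": "1.3.6.1.4.1.99999.1",
    "value": b'link down <script>marker()</script> "eth0" \x00\xff',
}


def decode_value(raw: bytes) -> str:
    """Decode trap bytes leniently and drop control characters except tab."""
    text = raw.decode("utf-8", errors="replace")
    return "".join(ch for ch in text if ch == "\t" or ch.isprintable())


def render_row_unsafe(trap: dict) -> str:
    """Pattern the advisory describes: device-supplied text placed into the page as-is."""
    value = trap["value"].decode("utf-8", errors="replace")
    return f"<tr><td>{trap['source']}</td><td>{trap['oid']}</td><td>{value}</td></tr>"


def render_row_safe(trap: dict) -> str:
    """Encode every device-supplied field for the HTML context it lands in."""
    cells = (
        html.escape(str(trap["source"]), quote=True),
        html.escape(str(trap["oid"]), quote=True),
        html.escape(decode_value(trap["value"]), quote=True),
    )
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


if __name__ == "__main__":
    print(render_row_unsafe(SAMPLE_TRAP))  # markup reaches the browser intact
    print(render_row_safe(SAMPLE_TRAP))    # markup is shown as inert text
```

Encoding at render time, rather than filtering at trap receipt, keeps the stored message intact for forensics while ensuring every view of it is inert.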