VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 9, 2008· Updated Apr 23, 2026

CVE-2008-1663

CVE-2008-1663

Description

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows are vulnerable to remote XSS via unspecified vectors.

Vulnerability

HP System Management Homepage (SMH) versions 2.1.10 and 2.1.11 running on Linux and Windows are affected by a cross-site scripting (XSS) vulnerability. The vulnerability is triggered via unspecified vectors, allowing remote attackers to inject arbitrary web script or HTML. [1][2]

Exploitation

An attacker can exploit this vulnerability remotely without authentication. The attack complexity is medium, meaning the attacker must craft a malicious request to inject script into a page served by SMH. User interaction may be required (e.g., clicking a link) due to the XSS nature. The exact vectors are not disclosed. [1][2]

Impact

Successful exploitation allows the attacker to inject arbitrary web script or HTML in the context of the victim's browser. This can lead to partial integrity compromise (e.g., modifying page content or stealing session cookies) and partial confidentiality compromise (e.g., accessing sensitive information). The CVSS base score is 6.4 (Medium) per HP's bulletin. [1]

Mitigation

HP released SMH version 2.1.12 to fix this vulnerability. Users should upgrade to v2.1.12 or later. The update is available from HP's support website. No workaround is provided in the bulletins. [1][2]

References
  1. '[security bulletin] HPSBMA02345 SSRT080039 rev.1 - HP System Management Homepage (SMH) for Linux and'
  2. HP System Management Homepage (SMH) for Linux and Windows

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Microfocus/System Management Homepage3 versions
    cpe:2.3:a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*
    • (no CPE)range: 2.1.10, 2.1.11

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.