CVE-2009-1418
Description
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
HP System Management Homepage before 3.0.1.73 contains a cross-site scripting vulnerability allowing remote attackers to inject arbitrary web script or HTML.
Vulnerability
HP System Management Homepage (SMH) versions before 3.0.1.73 on Linux and Windows Server 2003/2008 contain a cross-site scripting (XSS) vulnerability [1][2]. The vulnerability exists in the web-based management interface and can be triggered via unspecified vectors [1][2].
Exploitation
An attacker can exploit this vulnerability by sending a crafted request to the SMH web interface. No authentication is required, but the attack complexity is medium [1]. The attacker must trick a user into visiting a malicious link or page that triggers the XSS [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary script in the context of the user's browser [1][2]. This can lead to session hijacking, defacement, or theft of sensitive information. The CVSS v2 score is 4.3 (Medium) with partial integrity impact [1].
Mitigation
The vendor released version 3.0.1.73 to fix this vulnerability [1][2]. Users should apply the update for their respective platform (Linux x86, Linux AMD64/EM64T, Windows) [1]. No workarounds are mentioned in the references.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
54cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*+ 53 more
- cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*range: <=3.0.0-68
- cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.0.1.104:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.0.2.106:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.0-103\(a\):*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.0.121:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.10-186:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.10.186:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.10.186:b:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.10.186:c:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.11-197:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.11.197:a:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.12-118:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.12-200:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.12.201:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.14.20:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.15-210:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.15.210:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.2-127:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.2.127:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.3.132:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.4-143:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.4.143:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.5-146:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.5.146:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.5.146:b:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.6-156:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.6.156:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.7-168:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.7.168:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.8-177:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.8.179:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.1.9-178:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:3.0.0.64:*:*:*:*:*:*:*
- (no CPE)range: <3.0.1.73
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdPatchVendor Advisory
- securitytracker.com/idnvdPatch
- jvn.jp/en/jp/JVN02331156/index.htmlnvd
- jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000029.htmlnvd
- secunia.com/advisories/35108nvd
- www.securityfocus.com/bid/35031nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/50633nvd
News mentions
0No linked articles in our index yet.