Unrated severityNVD Advisory· Published Mar 29, 2010· Updated Apr 29, 2026

CVE-2010-0452

Description

Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

HP PPMC versions 7.1 through SP10 and 7.5 through SP3 are vulnerable to remote cross-site scripting via unspecified vectors.

Vulnerability

HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) versions 7.1 through SP10 and 7.5 through SP3 running on AIX, HP-UX, Red Hat Linux, SUSE Linux, Solaris, and Windows Server are affected by multiple cross-site scripting (XSS) vulnerabilities [1]. The flaw allows remote attackers to inject arbitrary web script or HTML via unspecified vectors [1].

Exploitation

An attacker can remotely exploit this vulnerability without authentication, but user interaction is required (e.g., a victim must click a crafted link or visit a malicious page) [1]. The attacker needs no special network position beyond standard web access to the application [1].

Impact

Successful exploitation leads to disclosure of sensitive information (e.g., session cookies or other data) within the context of the victim's browser session [1]. The CVSS base score is 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) [1].

Mitigation

HP has released software patches to resolve the vulnerability; they are available from the HP Software Support Online (SSO) portal [1]. Users should apply the appropriate patch for their version and platform. No workarounds are documented in the available references [1].

References

'[security bulletin] HPSBMA02436 SSRT080064 rev.1 - HP Project and Portfolio Management Center (PPMC)'

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Microfocus/Project And Portfolio Management Center3 versions
cpe:2.3:a:hp:project_and_portfolio_management_center:*:sp10:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:hp:project_and_portfolio_management_center:*:sp10:*:*:*:*:*:*range: <=7.1
- cpe:2.3:a:hp:project_and_portfolio_management_center:*:sp3:*:*:*:*:*:*range: <=7.5
- (no CPE)range: 7.1 through SP10, 7.5 through SP3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdVendor Advisory
secunia.com/advisories/39105nvdVendor Advisory
securitytracker.com/idnvd
www.osvdb.org/63175nvd
www.securityfocus.com/bid/38961nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000