VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 28, 2010· Updated Apr 29, 2026

CVE-2010-1036

CVE-2010-1036

Description

Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in HP System Insight Manager (HP SIM) prior to version 6.0. The vulnerability occurs due to insufficient sanitization of user-supplied input, allowing an attacker to inject arbitrary web script or HTML through unspecified vectors. This affects HP SIM running on HP-UX, Linux, and Windows systems [1].

Exploitation

An attacker can exploit this vulnerability remotely without requiring authentication, as indicated by the CVSS vector (AV:N/AC:M/Au:N/C:P/I:P/A:P). The attacker needs to craft a malicious URL or input that, when processed by the application, executes arbitrary script in the victim's browser. The exact exploitation steps vary depending on the unspecified vectors, but likely involve convincing a user to click on a crafted link or visit a malicious page [1].

Impact

Successful exploitation allows the attacker to execute arbitrary script or HTML in the context of the victim's browser, potentially leading to theft of sensitive information, session hijacking, or defacement. The CVSS base score of 6.8 (Medium) indicates partial impact on confidentiality, integrity, and availability [1].

Mitigation

The vulnerability is fixed in HP System Insight Manager version 6.0. Users should upgrade to this version or later. No workarounds are provided in the available references [1].

References
  1. '[security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux'

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

20
  • Microfocus/Systems Insight Manager20 versions
    cpe:2.3:a:hp:systems_insight_manager:2.5:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:hp:systems_insight_manager:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:2.5.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:4.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:4.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:4.2:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:4.2:sp2:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:5.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:5.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:5.0:sp3:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:5.0:sp4:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:5.0:sp5:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:*:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:systems_insight_manager:*:update_1:*:*:*:*:*:*range: <=5.2
    • (no CPE)range: <6.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.