CVE-2010-3289
Description
Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
HP Systems Insight Manager before 6.2 contains a cross-site scripting vulnerability allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability
HP Systems Insight Manager (SIM) prior to version 6.2 on HP-UX, Linux, and Windows is affected by a cross-site scripting (XSS) vulnerability. The issue arises from unspecified vectors that allow injection of arbitrary web script or HTML. The vulnerability is present in all versions before 6.2 [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious link or web page that, when visited by an authenticated SIM user, executes arbitrary script in the context of the user's browser. The attack requires user interaction (e.g., clicking a link) and no authentication on the attacker's part, as indicated by the CVSS vector AV:N/AC:M/Au:N/C:N/I:P/A:N [1].
Impact
Successful exploitation allows the attacker to inject and execute arbitrary HTML or JavaScript in the victim's browser session. This can lead to theft of session cookies, defacement, or other actions performed with the victim's privileges within the SIM web interface. The impact is limited to integrity compromise; confidentiality and availability are not directly affected [1].
Mitigation
HP has addressed this vulnerability in HP Systems Insight Manager version 6.2. Users should upgrade to 6.2 or later to remediate the issue. No workarounds are documented in the available reference [1]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
24cpe:2.3:a:hp:systems_insight_manager:*:*:*:*:*:*:*:*+ 23 more
- cpe:2.3:a:hp:systems_insight_manager:*:*:*:*:*:*:*:*range: <=6.1
- cpe:2.3:a:hp:systems_insight_manager:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:2.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:4.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:4.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:4.2:sp1:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:4.2:sp2:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.0:sp5:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.2:update_1:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:5.3:update_1:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:*:sp1:*:*:*:*:*:*
- (no CPE)range: <6.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.