VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 28, 2010· Updated Apr 29, 2026

CVE-2010-3991

CVE-2010-3991

Description

Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability

HP Insight Control Server Migration for Windows prior to version 6.2 contains a cross-site scripting (XSS) vulnerability. The issue exists via unspecified vectors, allowing injection of arbitrary web script or HTML. The vulnerability is identified as CVE-2010-3991 and is part of a set of issues disclosed in HP Security Bulletin HPSBMA02601 [1].

Exploitation

An unauthenticated remote attacker can exploit this XSS by crafting a malicious link or input that, when processed by the application, executes arbitrary script in the context of the victim's browser. The attack requires user interaction (e.g., clicking a link) and has medium complexity according to the CVSS score (AV:N/AC:M/Au:N/C:P/I:N/A:N) [1].

Impact

Successful exploitation leads to information disclosure, as the attacker can read sensitive data from the affected web page or session. The CVSS base score is 4.3, indicating a moderate impact on confidentiality only [1].

Mitigation

HP has released version 6.2 of HP Insight Control Server Migration to address this vulnerability. Users should upgrade to this version or later. No workarounds are documented in the available reference [1].

References
  1. '[security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows,'

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Microfocus/Insight Control Server Migration5 versions
    cpe:2.3:a:hp:insight_control_server_migration:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:hp:insight_control_server_migration:*:*:*:*:*:*:*:*range: <=6.1.2
    • cpe:2.3:a:hp:insight_control_server_migration:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:insight_control_server_migration:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:insight_control_server_migration:6.1:*:*:*:*:*:*:*
    • (no CPE)range: <6.2
  • Microfocus/Insight Control Server Migration6.0.1
    cpe:2.3:a:hp:insight_control_server_migration6.0.1:*:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.