Unrated severityNVD Advisory· Published Mar 14, 2011· Updated Apr 29, 2026

CVE-2011-0280

Description

Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.

Affected products

HP/Power Manager6 versions
cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:hp:power_manager:*:*:*:*:*:*:*:*range: <=4.3.2
- cpe:2.3:a:hp:power_manager:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:power_manager:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:power_manager:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:hp:power_manager:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:hp:power_manager:4.2.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/43058nvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2011-03/0111.htmlnvd
www.securityfocus.com/bid/46830nvd
exchange.xforce.ibmcloud.com/vulnerabilities/66035nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000