This host is running HP SiteScope and is prone to cross-site scripting and session fixation vulnerabilities.

Successful exploitation could allow execution of scripts or actions written by an attacker. In addition, an attacker may conduct session fixation attacks to hijack the target user's session. Impact Level: Application

Apply the patch from below link, For updates refer to http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969 ***** NOTE : Ignore this warning if above mentioned patch is applied already. *****

Multiple flaws are due to, - Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. - An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

HP SiteScope version 9.x, 10.x, and 11.x

• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969
• http://osvdb.org/74113
• http://secunia.com/advisories/45440
• http://securitytracker.com/id?1025856
• http://xforce.iss.net/xforce/xfdb/68867

---

Updated on 2015-03-25