CVE-2013-2364

low

Published 2013-07-22 · Modified 2026-04-29

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: hp-security-alert@hp.com — https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862

Application impact

Vendor	Product	Versions
hp	system_management_homepage	`{"endIncluding":"7.2"}`
hp	system_management_homepage	`7.0`
hp	system_management_homepage	`7.1`

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.