24 Apr 2012
Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system.
Different Cross-Site Scripting related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery".
Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks.
HP has issued an update for CIFS Server in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
For more information see vulnerability #1 in:
The vulnerability is reported in versions B.11.11, B.11.23, and B.11.31 running HP-UX CIFS Server A.02.04.04 or prior and B.11.23 and B.11.31 running HP-UX CIFS Server A.03.01.03 or prior.
Update to version A.02.04.05 or A.03.01.04.
-- 11i v1 --
-- 11i v2 --
-- 11i v3 --