The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of HPE webOS

Vulnerability announcement CVE-2011-2409

HP webOS: JavaScript injection via Calendar

Synthesis of the vulnerability

An attacker can invite the victim to use the Calendar application of HP webOS in order to execute JavaScript code.
Impacted products: HP webOS.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Creation date: 10/08/2011.
Identifiers: BID-49112, c02945437, CVE-2011-2409, HPSBGN02696, SSRT100590, VIGILANCE-VUL-10912.

Description of the vulnerability

The Calendar application of HP webOS processes events.

An attacker can invite the victim to use the Calendar application of HP webOS, in order to execute JavaScript code.

Computer vulnerability bulletin CVE-2011-2408

HP webOS: JavaScript injection via Contacts

Synthesis of the vulnerability

An attacker can invite the victim to import a malicious contact with HP webOS, in order to execute JavaScript code.
Impacted products: HP webOS.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Creation date: 07/07/2011.
Revision date: 10/08/2011.
Identifiers: BID-48613, BID-49111, c02937744, CVE-2011-2408, HPSBGN02694, SSRT100586, VIGILANCE-VUL-10818.

Description of the vulnerability

The Contacts application of HP webOS displays the first and last name of a contact when it is imported.

However, these values are inserted directly into the application without any filtering.

An attacker can therefore invite the victim to import a malicious contact with HP webOS, in order to execute JavaScript code.