This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hp First view 2010-12-08
Product Palm Webos Last view 2011-05-13
Version 1.4.5 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:hp:palm_webos

Activity : Overall

Related : CVE

  Date Alert Description
7.2 2011-05-13 CVE-2011-1738

HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access.

4.3 2011-05-13 CVE-2011-1737

Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 2010-12-08 CVE-2010-4109

Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
72319 HP Palm WebOS Plug-in Development Kit Unspecified Arbitrary File Overwrite
72318 HP Palm WebOS Email Unspecified XSS
69600 HP Palm WebOS Contacts Application Crafted vCard XSS