HPE System Management Homepage before v7.6 allows “remote authenticated” attackers to obtain sensitive information via unspecified vectors, related to an “XSS” issue.