A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100935 - | |
References | () https://softwaresupport.hpe.com/km/KM02944672 - |
07 Nov 2023, 02:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100935 - | |
References | () https://softwaresupport.hpe.com/km/KM02944672 - |
Information
Published : 2017-09-30 01:29
Updated : 2024-11-21 03:11
NVD link : CVE-2017-13986
Mitre link : CVE-2017-13986
CVE.ORG link : CVE-2017-13986
JSON object : View
Products Affected
hp
- arcsight_enterprise_security_manager
- arcsight_enterprise_security_manager_express
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')