First published: Fri Sep 20 2013
Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenText ArcSight Enterprise Security Manager | <=5.2 | |
CVE-2013-4815 is classified as a medium severity vulnerability due to its potential for allowing cross-site scripting attacks.
To mitigate CVE-2013-4815, upgrade to HP ArcSight Enterprise Security Manager version 5.5 or later.
CVE-2013-4815 allows remote attackers to perform cross-site scripting (XSS) attacks by injecting arbitrary web scripts or HTML.
CVE-2013-4815 affects HP ArcSight Enterprise Security Manager versions up to and including 5.2.
Exploitation of CVE-2013-4815 may be straightforward for attackers with knowledge of the affected web interface.