CVE-2013-4815: XSS
First published: Fri Sep 20 2013(Updated: )
Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenText ArcSight Enterprise Security Manager | <=5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-4815?
CVE-2013-4815 is classified as a medium severity vulnerability due to its potential for allowing cross-site scripting attacks.
How do I fix CVE-2013-4815?
To mitigate CVE-2013-4815, upgrade to HP ArcSight Enterprise Security Manager version 5.5 or later.
What kind of attacks does CVE-2013-4815 facilitate?
CVE-2013-4815 allows remote attackers to perform cross-site scripting (XSS) attacks by injecting arbitrary web scripts or HTML.
Which versions of HP ArcSight Enterprise Security Manager are affected by CVE-2013-4815?
CVE-2013-4815 affects HP ArcSight Enterprise Security Manager versions up to and including 5.2.
Is CVE-2013-4815 easy to exploit?
Exploitation of CVE-2013-4815 may be straightforward for attackers with knowledge of the affected web interface.
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microfocus
- canonical/opentext arcsight enterprise security manager
- version/opentext arcsight enterprise security manager/5.2