First published: Thu Feb 15 2018(Updated: )
A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v12.53 and earlier and HPE Performance Center version v12.53 and earlier was found.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
HP LoadRunner | <=12.53 | |
OpenText Performance Center | <=12.53 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-8953 is classified as a medium-severity vulnerability due to its potential for exploitation via remote cross-site scripting.
To mitigate CVE-2017-8953, upgrade HPE LoadRunner and HPE Performance Center to versions above 12.53 which no longer contain this vulnerability.
CVE-2017-8953 affects HPE LoadRunner version 12.53 and earlier, as well as HPE Performance Center version 12.53 and earlier.
Exploiting CVE-2017-8953 could allow an attacker to execute malicious scripts in the context of the user's browser, leading to unauthorized actions or data theft.
While the primary mitigation for CVE-2017-8953 is an upgrade, implementing strict input validation and output encoding may help reduce exposure to the risk.