HP Operations Bridge Analytics CVE-2017-5800 Unspecified Cross Site Scripting Vulnerability



HP Operations Bridge Analytics is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

HP Operations Bridge Analytics 3.0 is vulnerable.

Information

Bugtraq ID: 97412
Class: Input Validation Error
CVE: CVE-2017-5800

Remote: Yes
Local: No
Published: Mar 31 2017 12:00AM
Credit: The vendor reported the issue.
Vulnerable: HP Operations Bridge Analytics 3.0


Not Vulnerable: HP Operations Bridge Analytics 3.0 IP1


Exploit


To exploit this issue an attacker must entice an unsuspecting user to follow a malicious URI.


Related Posts