HP Operations Bridge Analytics CVE-2017-5800 Unspecified Cross Site Scripting Vulnerability

HP Operations Bridge Analytics is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

HP Operations Bridge Analytics 3.0 is vulnerable.

Information

Bugtraq ID: 97412
Class: Input Validation Error
CVE: CVE-2017-5800

Remote: Yes
Local: No
Published: Mar 31 2017 12:00AM
Credit: The vendor reported the issue.
Vulnerable: HP Operations Bridge Analytics 3.0

Not Vulnerable: HP Operations Bridge Analytics 3.0 IP1

Exploit

To exploit this issue an attacker must entice an unsuspecting user to follow a malicious URI.

References:

HP HomePage (HP)
HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scriptin (HP)

Source: www.securityfocus.com

Exploit Collector

Search Exploit