Cross-Site Scripting Vulnerability in Hitachi Tuning Manager and JP1/Performance Management
CVE-2014-4189

Currently unrated

Key Information:

Vendor: Hitachi
Status: Tuning Manager; Jp1\/performance Management-manager Web Option
Vendor: CVE Published:; 17 June 2014

Summary

This vulnerability presents a serious security risk, allowing remote attackers to inject arbitrary web scripts or HTML into the browser of an unsuspecting user. The flaw exists in the affected versions of Hitachi Tuning Manager and JP1/Performance Management, which fail to properly validate user input. Consequently, this allows for potential exploitation through various unspecified vectors, enabling attackers to manipulate the web application's content, thus compromising user data and security.

References

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/...

x_refsource_CONFIRM

http://secunia.com/advisories/58899

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/58528

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jun 17, 2014
Vulnerability Reserved
Jun 17, 2014