Remote Cross-Site Scripting in HPE LoadRunner and Performance Center
CVE-2017-8953

5.4MEDIUM

Key Information:

Vendor
HP
Status
Loadrunner And Performance Center
Vendor
CVE Published:
15 February 2018

Summary

A vulnerability exists in HPE LoadRunner and HPE Performance Center that allows an attacker to exploit Remote Cross-Site Scripting (XSS). This flaw permits attackers to inject malicious scripts into web applications accessed by users, potentially leading to unauthorized actions on behalf of the user. Affected versions include HPE LoadRunner v12.53 and earlier, and HPE Performance Center v12.53 and earlier. It is crucial for users to apply patches and follow best practices to mitigate risk.

Affected Version(s)

LoadRunner and Performance Center v12.53 and earlier, v12.53 and earlier

References

http://www.securitytracker.com/id/1038868
vdb-entryx_refsource_SECTRACK
https://support.hpe.com/hpsc/doc/public/display?docId=emr...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038867
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.