Details of VAR-E-201707-0383

ID

VAR-E-201707-0383

CVE

cve_id:

CVE-2017-8953

Trust: 0.3

sources: BID: 100338

TITLE

HP LoadRunner and Performance Center CVE-2017-8953 Cross Site Scripting Vulnerability

Trust: 0.3

sources: BID: 100338

DESCRIPTION

HP LoadRunner and Performance Center are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content on behalf of the victim on the SharePoint site.

Trust: 0.3

sources: BID: 100338

AFFECTED PRODUCTS

vendor:	hp	model:	performance center	scope:	eq	version:	12.53	Trust: 0.3
vendor:	hp	model:	performance center	scope:	eq	version:	12.50	Trust: 0.3
vendor:	hp	model:	performance center	scope:	eq	version:	12.20	Trust: 0.3
vendor:	hp	model:	performance center	scope:	eq	version:	12.01	Trust: 0.3
vendor:	hp	model:	performance center	scope:	eq	version:	12.00	Trust: 0.3
vendor:	hp	model:	performance center	scope:	eq	version:	12.0	Trust: 0.3
vendor:	hp	model:	performance center	scope:	eq	version:	11.52	Trust: 0.3
vendor:	hp	model:	loadrunner	scope:	eq	version:	12.53	Trust: 0.3
vendor:	hp	model:	loadrunner	scope:	eq	version:	12.50	Trust: 0.3
vendor:	hp	model:	loadrunner	scope:	eq	version:	12.02	Trust: 0.3
vendor:	hp	model:	loadrunner	scope:	eq	version:	12.01	Trust: 0.3
vendor:	hp	model:	loadrunner	scope:	eq	version:	12.0	Trust: 0.3
vendor:	hp	model:	loadrunner	scope:	eq	version:	11.52	Trust: 0.3
vendor:	hp	model:	loadrunner	scope:	eq	version:	11.0	Trust: 0.3

sources: BID: 100338

EXPLOIT

An attacker can exploit these issues by enticing an unsuspecting user to view a malicious webpage.

Trust: 0.3

sources: BID: 100338

PRICE

Free

Trust: 0.3

sources: BID: 100338

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 100338

CREDITS

gheckoxs

Trust: 0.3

sources: BID: 100338

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8953	Trust: 0.3
db:	BID	id:	100338	Trust: 0.3

sources: BID: 100338

REFERENCES

url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03764en_us	Trust: 0.3
url:	http://www.hp.com/	Trust: 0.3

sources: BID: 100338

SOURCES

db:

BID

id:

100338

LAST UPDATE DATE

2022-07-27T09:47:06.359000+00:00

SOURCES UPDATE DATE

db:

BID

id:

100338

date:

2017-07-17T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

100338

date:

2017-07-17T00:00:00