15 results (0.018 seconds)

CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. Vulnerabilidad de redirección de URL a un sitio no fiable en HP ArcSight ESM y HP ArcSight ESM Express, en cualquier versión 6.x anterior a la 6.9.1c Patch 4 o versión 6.11.0 Patch 1. Esta vulnerabilidad podría explotarse de forma remota para permitir una redirección de URL a un sitio no fiable. • https://softwaresupport.hpe.com/km/KM02996760 https://www.auscert.org.au/bulletins/54166 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. Vulnerabilidad de inyección SQL en HP ArcSight ESM y HP ArcSight ESM Express, en cualquier versión 6.x anterior a la 6.9.1c Patch 4 o versión 6.11.0 Patch 1. Esta vulnerabilidad podría explotarse de forma remota para permitir una inyección SQL. • http://www.securityfocus.com/bid/101627 https://softwaresupport.hpe.com/km/KM02996760 https://www.auscert.org.au/bulletins/54166 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS) Vulnerabilidad de Cross-Site Scripting (XSS) persistente y reflejado en HP ArcSight ESM y HP ArcSight ESM Express, en cualquier versión 6.x anterior a la 6.9.1c Patch 4 o versión 6.11.0 Patch 1. Esta vulnerabilidad podría explotarse de forma remota para permitir Cross-Site Scripting (XSS) persistente y reflejado. • https://softwaresupport.hpe.com/km/KM02996760 https://www.auscert.org.au/bulletins/54166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •