CVE-2018-6502 — Cross-site Scripting in HP Arcsight Management Center

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA6.5

EPSS

0.3%

top 47.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Arcsight Management Center Micro Focus Arcsight Management Center

Timeline

PublishedSep 20

Latest updateMay 13

Description

A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDhp/arcsight_management_center< 2.81

▶CVEListV5micro_focus/arcsight_management_centerall versions prior to 2.81

🔴Vulnerability Details

GHSA

GHSA-gp3g-jq7m-w929: A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prio↗2022-05-13

▶

CVEList

MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Downl↗2018-09-20

▶