CA Host-Based Intrusion Prevention System Server Log Data XSS
Medium Nessus Plugin ID 27527
Synopsis
The remote Windows host has an application that is affected by a cross-site scripting vulnerability.
Description
The remote host is running Computer Associates' Host-Based Intrusion Prevention System (CA HIPS) Server, an intrusion prevention system for Windows.
The version of CA HIPS Server installed on the remote Windows server is reportedly affected by a cross-site scripting issue because it fails to sanitize log data before displaying it. An attacker may be able to leverage this issue to inject arbitrary HTML or script code into the browser of an administrative user to be executed within the security context of the affected service.
Solution
Upgrade to CA HIPS version 18.104.22.168 by applying the patch referenced in the vendor advisory above.