HP ArcSight Logger < 6.1 Management Center XSS

Medium Nessus Plugin ID 86419


The remote host has an application installed that is affected by a reflected cross-site scripting vulnerability.


The remote host has a version of HP ArcSight logger installed that is prior to 6.1. It is, therefore, affected by a reflected cross-site scripting vulnerability in the Management Center due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.


Upgrade to HP ArcSight Logger version 6.1 or later.

See Also


Plugin Details

Severity: Medium

ID: 86419

File Name: arcsight_logger_6_1.nasl

Version: $Revision: 1.4 $

Type: local

Family: Misc.

Published: 2015/10/16

Modified: 2016/08/26

Dependencies: 69446

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:hp:arcsight_logger

Required KB Items: installed_sw/ArcSight Logger

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/09/23

Vulnerability Publication Date: 2015/09/23

Reference Information

CVE: CVE-2015-5441

OSVDB: 128253

HP: HPSBGN03507, SSRT102181, emr_na-c04797406