Vulnerability Details CVE-2017-14357
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2017-14357
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c