Hitachi IT Operations Products Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	52705
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 26 2012 12:00AM
Updated:	Mar 26 2012 12:00AM
Credit:	Reported by the vendor
Vulnerable:	Hitachi IT Operations Director 03-00-06 Hitachi IT Operations Director 03-00 Hitachi IT Operations Director 02-50-07 Hitachi IT Operations Director 02-50-06 Hitachi IT Operations Director 02-50-01 Hitachi IT Operations Analyzer 03-01 Hitachi IT Operations Analyzer 02-53-02 Hitachi IT Operations Analyzer 02-53 Hitachi IT Operations Analyzer 02-51-01 Hitachi IT Operations Analyzer 02-51 Hitachi IT Operations Analyzer 02-01
Not Vulnerable:	Hitachi IT Operations Director 03-00-07

Hitachi IT Operations Products Unspecified Cross Site Scripting Vulnerability

Multiple Hitachi IT Operations Products are prone to an unspecified cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Hitachi IT Operations Products Unspecified Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Hitachi IT Operations Products Unspecified Cross Site Scripting Vulnerability

Solution:
Vendor updates are available. Please see the references for more details.

Hitachi IT Operations Products Unspecified Cross Site Scripting Vulnerability

References:

• Cross-site Scripting Vulnerability in Hitachi IT Operations Products (Hitachi)
  
• Hitachi Homepage (Hitachi)