CVE-2007-5472
CA Host-Based Intrusion Prevention System < 8 - Cross-Site Scripting via Log Viewer
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482536/100/0/threaded
Patch x_refsource_confirm
http://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018839
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37285
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3547
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37998
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26134
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27301
Scores
EPSS
0.0070
EPSS Percentile
72.2%
Details
CWE
CWE-79
Status
published
Products (1)
broadcom/host-based_intrusion_prevention_system
< 8
Published
Oct 22, 2007
Tracked Since
Feb 18, 2026