CVE-2013-5005

Name of the Vulnerable Software and Affected Versions Tripwire Enterprise versions 8.2 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The vulnerable parameters are m target class name, m target method name, and m request context params.

Recommendations For Tripwire Enterprise versions 8.2 and earlier, consider restricting access to the ajaxRequest/methodCall.do endpoint until a patch is available. As a temporary workaround, avoid using the m target class name, m target method name, and m request context params parameters in the affected endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.