Cross-site Scripting Vulnerability in HP ArcSight Connector Appliance
CVE-2011-0770
Currently unrated
What is CVE-2011-0770?
A cross-site scripting (XSS) vulnerability exists in the Windows Event Log SmartConnector of the HP ArcSight Connector Appliance prior to version 6.1. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into web applications by manipulating the Windows XP variable in a file. Exploitation of this issue could enable unauthorized actions to be performed on behalf of users, potentially compromising sensitive information.