Cross-site Scripting Vulnerability in HP ArcSight Connector Appliance
CVE-2011-0770

Currently unrated

Key Information:

Vendor: HP
Status: Arcsight C5400 Appliance; Arcsight C5200 Appliance; Arcsight C3200 Appliance; Arcsight C3400 Appliance
Vendor: CVE Published:; 19 July 2011

What is CVE-2011-0770?

A cross-site scripting (XSS) vulnerability exists in the Windows Event Log SmartConnector of the HP ArcSight Connector Appliance prior to version 6.1. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into web applications by manipulating the Windows XP variable in a file. Exploitation of this issue could enable unauthorized actions to be performed on behalf of users, potentially compromising sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/68569

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/48694

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/122054

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2011
Vulnerability Reserved
Feb 3, 2011