Cross-Site Scripting Vulnerability in HP ArcSight Connector and Logger Products
CVE-2012-2960

Currently unrated

Key Information:

Vendor: HP
Status: Arcsight Connector Appliance Firmware; Arcsight Connector Appliance
Vendor: CVE Published:; 8 August 2012

What is CVE-2012-2960?

A Cross-Site Scripting (XSS) vulnerability exists in the import functionality of HP ArcSight Connector appliance and ArcSight Logger appliance. Attackers can exploit this vulnerability by crafting a malicious file that, when imported, may allow arbitrary web scripts or HTML to be injected into the application. This could lead to unauthorized actions being executed on behalf of authenticated users, potentially compromising sensitive data and user accounts.

References

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

http://www.kb.cert.org/vuls/id/960468

third-party-advisoryx_refsource_CERT-VN

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Aug 8, 2012
Vulnerability Reserved
May 30, 2012