CVE-2011-0770

HP Windows Event Log Smartconnector < 6.0.0.60023.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.

References (4)

[US Government Resource] http://www.kb.cert.org/vuls/id/122054

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/68569

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/48694

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1025791

Scores

EPSS 0.0133

EPSS Percentile 79.8%

Classification

CWE

CWE-79

Status published

Affected Products (8)

hp/windows_event_log_smartconnector < 6.0.0.60023.2

hp/arcsight_c1000_appliance

hp/arcsight_c1300_appliance

hp/arcsight_c3200_appliance

hp/arcsight_c3400_appliance

hp/arcsight_c5200_appliance

hp/arcsight_c5400_appliance

n/a/n/a

Timeline

Published Jul 19, 2011

Tracked Since Feb 18, 2026