CVE-2011-0770

HP Windows Event Log SmartConnector < 6.0.0.60023.2 - Cross-Site Scripting via Windows XP Variable

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68569
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48694
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/122054
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025791

Scores

EPSS 0.0133
EPSS Percentile 80.2%

Details

CWE
CWE-79
Status published
Products (7)
hp/arcsight_c1000_appliance
hp/arcsight_c1300_appliance
hp/arcsight_c3200_appliance
hp/arcsight_c3400_appliance
hp/arcsight_c5200_appliance
hp/arcsight_c5400_appliance
hp/windows_event_log_smartconnector < 6.0.0.60023.2
Published Jul 19, 2011
Tracked Since Feb 18, 2026