CVE-2012-2960

HP Arcsight Connector Appliance Firmware - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.

References (2)

[Various Sources] http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700

[US Government Resource] http://www.kb.cert.org/vuls/id/960468

Scores

EPSS 0.0074

EPSS Percentile 72.8%

Classification

CWE

CWE-79

Status published

Affected Products (8)

hp/arcsight_connector_appliance_firmware

hp/arcsight_connector_appliance

hp/arcsight_logger_appliance_firmware

hp/arcsight_logger_appliance

n/a/n/a

Timeline

Published Aug 08, 2012

Tracked Since Feb 18, 2026