Vulnerability CVE-2011-0770
Published: 2011-07-19   Modified: 2012-02-13

Description:
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
HP -> Windows event log smartconnector 
HP -> Arcsight c1000 appliance 
HP -> Arcsight c1300 appliance 
HP -> Arcsight c3200 appliance 
HP -> Arcsight c3400 appliance 
HP -> Arcsight c5200 appliance 
HP -> Arcsight c5400 appliance 

 References:
http://www.kb.cert.org/vuls/id/122054
http://xforce.iss.net/xforce/xfdb/68569
http://www.securityfocus.com/bid/48694
http://securitytracker.com/id?1025791
Copyright 2024, cxsecurity.com

 

Back to Top