CVE-2011-0770

EUVD-2011-0782
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
hpwindows_event_log_smartconnector
𝑥
≤ 6.0.0.60023.2
hparcsight_c1000_appliance
*
hparcsight_c1300_appliance
*
hparcsight_c3200_appliance
*
hparcsight_c3400_appliance
*
hparcsight_c5200_appliance
*
hparcsight_c5400_appliance
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securitytracker.com/id?1025791
http://www.kb.cert.org/vuls/id/122054
http://www.securityfocus.com/bid/48694
https://exchange.xforce.ibmcloud.com/vulnerabilities/68569
http://securitytracker.com/id?1025791
http://www.kb.cert.org/vuls/id/122054
http://www.securityfocus.com/bid/48694
https://exchange.xforce.ibmcloud.com/vulnerabilities/68569