Vulnerability Description
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Windows Event Log Smartconnector | <= 6.0.0.60023.2 |
| Hp | Arcsight C1000 Appliance | All versions |
| Hp | Arcsight C1300 Appliance | All versions |
| Hp | Arcsight C3200 Appliance | All versions |
| Hp | Arcsight C3400 Appliance | All versions |
| Hp | Arcsight C5200 Appliance | All versions |
| Hp | Arcsight C5400 Appliance | All versions |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1025791
- http://www.kb.cert.org/vuls/id/122054US Government Resource
- http://www.securityfocus.com/bid/48694
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68569
- http://securitytracker.com/id?1025791
- http://www.kb.cert.org/vuls/id/122054US Government Resource
- http://www.securityfocus.com/bid/48694
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68569
FAQ
What is CVE-2011-0770?
CVE-2011-0770 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Window...
How severe is CVE-2011-0770?
CVE-2011-0770 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0770?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Windows Event Log Smartconnector, Hp Arcsight C1000 Appliance, Hp Arcsight C1300 Appliance, Hp Arcsight C3200 Appliance, Hp Arcsight C3400 Appliance.