CVE-2012-2960

2012-08-0810:26:18

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2960

xss vulnerability

hp arcsight connector

hp arcsight logger

nvd

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

JSON

Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.

Affected configurations

NVD

Node

hparcsight_connector_appliance_firmwareMatch6.0.0.60023.2

hparcsight_connector_appliance_firmwareMatch6.2.0.6244.0

AND

hparcsight_connector_applianceMatchc1400

hparcsight_connector_applianceMatchc3400

hparcsight_connector_applianceMatchc5400

Node

hparcsight_logger_appliance_firmwareMatch5.2.0.6288.0

AND

hparcsight_logger_applianceMatchl7400-san

CPENameOperatorVersion
hp:arcsight_connector_appliance_firmwarehp arcsight connector appliance firmwareeq6.0.0.60023.2
hp:arcsight_connector_appliance_firmwarehp arcsight connector appliance firmwareeq6.2.0.6244.0
hp:arcsight_connector_appliancehp arcsight connector applianceeqc1400
hp:arcsight_connector_appliancehp arcsight connector applianceeqc3400
hp:arcsight_connector_appliancehp arcsight connector applianceeqc5400

CPE	Name	Operator	Version
hp:arcsight_connector_appliance_firmware	hp arcsight connector appliance firmware	eq	6.0.0.60023.2
hp:arcsight_connector_appliance_firmware	hp arcsight connector appliance firmware	eq	6.2.0.6244.0
hp:arcsight_connector_appliance	hp arcsight connector appliance	eq	c1400
hp:arcsight_connector_appliance	hp arcsight connector appliance	eq	c3400
hp:arcsight_connector_appliance	hp arcsight connector appliance	eq	c5400