Vulnerability Note VU#122054

HP ArcSight Connector Appliance XSS vulnerability

Original Release date: 15 Jul 2011 | Last revised: 15 Jul 2011


ArcSight Connector Appliance v6.0.0.60023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting (XSS).


Windows Event Log SmartConnector, a component of ArcSight Connector Appliance v6.0.0.60023.2 does not sanitize all input fields. As a result, cross site scripting (XSS) attacks can be conducted. An exportable report from the Windows Event Log SmartConnector for table parameters contains a drop-down selection field for "Microsoft OS Version". In some cases, this exported report is world-writeable with a default name. In the exported file an attacker can inject javascript code that will be run after the file is imported and the table parameters section is accessed for editing again.

For example, the following javascript code can be injected into the "Windows XP" variable of the exported file:

...,"Windows XP<script> alert('XSS')</script>","en_US"


An attacker with access to the ArcSight Connector Appliance can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.


Apply an Update
ArcSight Connector Appliance version 6.1 addresses this vulnerability.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Hewlett-Packard CompanyAffected29 Apr 201128 Jun 2011
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A


  • None


Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2011-0770
  • Date Public: 15 Jul 2011
  • Date First Published: 15 Jul 2011
  • Date Last Updated: 15 Jul 2011
  • Severity Metric: 4.59
  • Document Revision: 24


If you have feedback, comments, or additional information about this vulnerability, please send us email.