ArcSight Connector Appliance v126.96.36.199023.2, and possibly previous versions, contains a module which is vulnerable to cross site scripting (XSS).
An attacker with access to the ArcSight Connector Appliance can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
Thanks to Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA) for reporting this vulnerability.
This document was written by Jared Allar.
|Date First Published:||2011-07-15|
|Date Last Updated:||2011-07-15 16:21 UTC|