CVE-2011-0770
Description
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in HP ArcSight Connector Appliance Windows Event Log SmartConnector allows remote attackers to inject arbitrary script via the Windows XP variable in an exported file.
Vulnerability
The vulnerability resides in the Windows Event Log SmartConnector component of HP ArcSight Connector Appliance versions before 6.1. The SmartConnector fails to sanitize input fields when exporting reports. Specifically, an exported report for table parameters includes a drop-down selection field for "Microsoft OS Version". The "Windows XP" variable in the exported file is not sanitized, allowing injection of arbitrary web script or HTML. Affected versions include v6.0.0.60023.2 and possibly earlier releases [1].
Exploitation
An attacker with access to the ArcSight Connector Appliance can exploit this vulnerability by modifying the exported report file, which is world-writeable with a default name. The attacker injects JavaScript code into the "Windows XP" variable, for example: "Windows XP". When the file is imported back into the SmartConnector and the table parameters section is accessed for editing, the injected script executes [1].
Impact
Successful exploitation allows an attacker to conduct a cross-site scripting (XSS) attack, which could result in information leakage, privilege escalation, and/or denial of service. The attack runs in the context of the SmartConnector application [1].
Mitigation
HP released ArcSight Connector Appliance version 6.1 to address this vulnerability. Users should upgrade to version 6.1 or later. No workarounds are mentioned in the available reference [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:hp:windows_event_log_smartconnector:*:*:*:*:*:*:*:* (Range: <=6.0.0.60023.2)
- cpe:2.3:h:hp:arcsight_c1000_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c1300_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c3200_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c3400_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c5200_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c5400_appliance:*:*:*:*:*:*:*:*
- Range: <6.1
Patches
No patches discovered yet.
References
- www.kb.cert.org/vuls/id/122054 (nvd, US Government Resource)
- securitytracker.com/id (nvd)
- www.securityfocus.com/bid/48694 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/68569 (nvd)