Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HP ArcSight Connectors Windows Event Log SmartConnector跨站脚本攻击漏洞
Vulnerability Description
HP ArcSight Connector Appliance 6.1之前版本中存在跨站脚本攻击漏洞。当导入报表时,借助“Microsoft OS Version”向Windows Event Log SmartConnector传递的输入在使用之前没有经过正确过滤,远程攻击者可借助文件中的Windows XP变量注入任意HTML和脚本代码,当浏览恶意数据时,这些代码就会在受影响站点上下文的用户浏览器会话中得到执行。
CVSS Information
N/A
Vulnerability Type
N/A