CVE-2012-2960

CVSS V2 Medium 4.3 CVSS V3 None
Description
Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.
Overview
  • CVE ID
  • CVE-2012-2960
  • Assigner
  • cret@cert.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2012-08-08T10:26:18
  • Last Modified Date
  • 2013-02-20T04:38:55
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:hp:arcsight_connector_appliance_firmware:6.0.0.60023.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:hp:arcsight_connector_appliance_firmware:6.2.0.6244.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:arcsight_connector_appliance:c1400:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:arcsight_connector_appliance:c3400:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:arcsight_connector_appliance:c5400:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:hp:arcsight_logger_appliance_firmware:5.2.0.6288.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:arcsight_logger_appliance:l7400-san:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.kb.cert.org/vuls/id/960468 US Government Resource
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-2960
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2960
History
Created Old Value New Value Data Type Notes
2022-05-10 10:47:22 Added to TrackCVE