Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04797406
http://www.securityfocus.com/archive/1/536877/100/0/threaded