Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0699

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2009-0699
Last Modified 24 Feb 2009 12:00:00
Published 23 Feb 2009 10:30:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2009-0699

Summary

Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.

Vulnerable Systems

Application

  • Plunet Business Manager 4.1


References

XF - businessmanager-qub-bez74-xss(47795)

BID - 33153

MISC - http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt

BUGTRAQ - 20090109 Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting

BUGTRAQ - 20090107 Plunet BusinessManager failure in access controls and multiple stored cross site scripting


Last Updated: 27 May 2016 10:50:20