Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2898

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2009-2898
Last Modified 13 Oct 2009 12:00:00
Published 13 Oct 2009 06:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2009-2898

Summary

Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Springsource Application Management Suite 2.0.0

  • Springsource Hyperic Hq 3.2

  • Springsource Hyperic Hq 3.2.0

  • Springsource Hyperic Hq 3.2.1

  • Springsource Hyperic Hq 3.2.2

  • Springsource Hyperic Hq 3.2.3

  • Springsource Hyperic Hq 3.2.4

  • Springsource Hyperic Hq 3.2.5

  • Springsource Hyperic Hq 3.2.6

  • Springsource Hyperic Hq 4.0.0

  • Springsource Hyperic Hq 4.0.1

  • Springsource Hyperic Hq 4.0.2

  • Springsource Hyperic Hq 4.0.3

  • Springsource Hyperic Hq 4.1.0

  • Springsource Hyperic Hq 4.1.1

  • Springsource Hyperic Hq 4.1.2

  • Springsource Hyperic Hq 4.2

  • Springsource Tc Server 6.0.20


References

CONFIRM - http://www.springsource.com/security/hyperic-hq

MISC - http://www.coresecurity.com/content/hyperic-hq-vulnerabilities

MISC - http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS

XF - hyperichq-description-xss(53660)

BUGTRAQ - 20091002 CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list

BUGTRAQ - 20091003 CORE-2009-0812-Hyperic HQ Multiple XSS

OSVDB - 58611

SECUNIA - 36935

CONFIRM - http://jira.hyperic.com/browse/HHQ-3390


Last Updated: 27 May 2016 10:51:04