CVE-2009-2898
Published Oct 13, 2009
Last updated 6 years ago
Overview
- Description: Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 3.5
- Impact score: 2.9
- Exploitability score: 6.8
- Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:springsource:application_management_suite:2.0.0:sr3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B49CBBA-35CB-42A6-93D5-06C8F203C98B" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2:beta_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4DEFE03-6FCD-49C5-A0E7-370FEA7CF5B9" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A6E9004-B756-42BE-8918-691AF6F720FC" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F926074F-8BD2-4A30-B938-CA84E9533CAE" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3D6A50-33C3-4932-8A10-37BFF8D061E8" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41519C07-5A0D-48ED-81B5-ABF712A6AB04" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44A5F7C5-A739-4887-AE92-721426E404F5" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F7EB2C3-639B-41B6-B23B-BEBE45EE1DCD" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCA25CF4-9C98-4FED-A75E-68EF0B9E2C2C" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE0EC4F9-11EE-4326-A7C4-681CB451C45E" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90F45C4E-F068-44A0-B676-444D913B3719" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "602855A5-B269-46BD-B68E-DAA49B818A63" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "CDDBC79C-1930-4474-94EE-1F046539F2C4" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BA42759-E3E8-4F6C-9542-FB939D9D2042" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FD405E4-D6B2-41AB-AE19-024192E8B25C" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC192682-AE08-4651-9C29-0753E2F85D65" }, { "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.2:beta_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3754D8A2-B5F6-44A9-BC1D-7A4FE925D070" }, { "criteria": "cpe:2.3:a:springsource:tc_server:6.0.20:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC0FD679-8EB8-4F3D-8310-361E6AAC9299" } ], "operator": "OR" } ] } ]