CVE-2009-2898

Published Oct 13, 2009

Last updated 6 years ago

CVSS info 3.5

Overview

Description: Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:springsource:application_management_suite:2.0.0:sr3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B49CBBA-35CB-42A6-93D5-06C8F203C98B"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2:beta_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4DEFE03-6FCD-49C5-A0E7-370FEA7CF5B9"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A6E9004-B756-42BE-8918-691AF6F720FC"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F926074F-8BD2-4A30-B938-CA84E9533CAE"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A3D6A50-33C3-4932-8A10-37BFF8D061E8"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41519C07-5A0D-48ED-81B5-ABF712A6AB04"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44A5F7C5-A739-4887-AE92-721426E404F5"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F7EB2C3-639B-41B6-B23B-BEBE45EE1DCD"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:3.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCA25CF4-9C98-4FED-A75E-68EF0B9E2C2C"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE0EC4F9-11EE-4326-A7C4-681CB451C45E"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90F45C4E-F068-44A0-B676-444D913B3719"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "602855A5-B269-46BD-B68E-DAA49B818A63"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDDBC79C-1930-4474-94EE-1F046539F2C4"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BA42759-E3E8-4F6C-9542-FB939D9D2042"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FD405E4-D6B2-41AB-AE19-024192E8B25C"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC192682-AE08-4651-9C29-0753E2F85D65"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:4.2:beta_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3754D8A2-B5F6-44A9-BC1D-7A4FE925D070"
          },
          {
            "criteria": "cpe:2.3:a:springsource:tc_server:6.0.20:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC0FD679-8EB8-4F3D-8310-361E6AAC9299"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References