CVE-2009-2907

Published Mar 24, 2010

Last updated 15 years ago

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:springsource:application_management_suite:*:sr3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B8C5E79-E523-47D1-9F12-0CF67C4ED736",
            "versionEndIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6583C1E0-79BC-48D0-BA82-72C14A46E97F",
            "versionEndIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "679B1ED7-CD6B-4E5B-979E-7B37FC8F1C80",
            "versionEndIncluding": "4.1.0"
          },
          {
            "criteria": "cpe:2.3:a:springsource:hyperic_hq:*:beta_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F4D9D36-1051-43C2-B38A-54D6E24728E7",
            "versionEndIncluding": "4.2"
          },
          {
            "criteria": "cpe:2.3:a:springsource:tc_server:*:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61B6DFD0-81EF-496C-8925-5783A49CF031",
            "versionEndIncluding": "6.0.20"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References