Lucene search

[email protected]CVE-2009-1775

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-1775

2022-10-0316:23:59

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1775

cross-site scripting

xss

ulteo open virtual desktop 1.0

security vulnerability

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

ulteoopen_virtual_desktopMatch1.0

CPENameOperatorVersion
ulteo:open_virtual_desktopulteo open virtual desktopeq1.0

CPE	Name	Operator	Version
ulteo:open_virtual_desktop	ulteo open virtual desktop	eq	1.0

References

secunia.com/advisories/34923

www.insight-tech.org/index.php?p=Ulteo-Open-Virtual-Desktop-v1-0-multiple-XSS

www.securityfocus.com/bid/34927

www.ulteo.com/home/en/ovdi/openvirtualdesktop/downloadnow?autolang=en

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for CVE-2009-1775

nvd1 prion1 cvelist1