Lucene search

K
cveRedhatCVE-2009-2907
HistoryMar 24, 2010 - 10:45 p.m.

CVE-2009-2907

2010-03-2422:45:15
CWE-79
redhat
web.nvd.nist.gov
40
cve-2009-2907
cross-site scripting
xss
springsource tc server
application management suite
ams
hyperic hq open source
hyperic hq enterprise
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

59.0%

Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified “input fields.”

Affected configurations

Nvd
Node
springsourceapplication_management_suiteRange2.0.0sr3
OR
springsourcehyperic_hqRange4.0.0
OR
springsourcehyperic_hqRange4.1.0
OR
springsourcehyperic_hqRange4.2beta_1
OR
springsourcetc_serverRange6.0.20b
VendorProductVersionCPE
springsourceapplication_management_suite*cpe:2.3:a:springsource:application_management_suite:*:sr3:*:*:*:*:*:*
springsourcehyperic_hq*cpe:2.3:a:springsource:hyperic_hq:*:*:*:*:*:*:*:*
springsourcehyperic_hq*cpe:2.3:a:springsource:hyperic_hq:*:beta_1:*:*:*:*:*:*
springsourcetc_server*cpe:2.3:a:springsource:tc_server:*:b:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

59.0%