CVE-2009-4848

🗓️ 07 May 2010 18:23:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 46 Views🌐 WEB

CVE-2009-4848: XSS in ToutVirtual VirtualIQ Pro 3.2 & 3.

Reporter	Title	Published	Views	Family All 4
Cvelist	CVE-2009-4848	7 May 201018:23	–	cvelist
EUVD	EUVD-2009-4811	7 Oct 202500:30	–	euvd
NVD	CVE-2009-4848	7 May 201018:30	–	nvd
Prion	Cross site scripting	7 May 201018:30	–	prion

NVD

Node

toutvirtual virtualiqMatch3.2-pro

OR

toutvirtual virtualiqMatch3.5-pro

Source	Link
secunia	www.secunia.com/advisories/37359
securityfocus	www.securityfocus.com/archive/1/507729/100/0/threaded
securenetwork	www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt

Parameter	Position	Path	Description	CWE
userId	query param	tvserver/server/user/setPermissions.jsp	Cross-site scripting vulnerability in userId parameter of setPermissions.jsp	CWE-79
deptName	query param	tvserver/server/user/addDepartment.jsp	Cross-site scripting vulnerability in deptName parameter of addDepartment.jsp	CWE-79
ID	query param	tvserver/server/inventory/inventoryTabs.jsp	Cross-site scripting vulnerability in ID parameter of inventoryTabs.jsp	CWE-79
reportName	query param	tvserver/reports/virtualIQAdminReports.do	Cross-site scripting vulnerability in reportName parameter of virtualIQAdminReports.do	CWE-79
middleName	request body	tvserver/user/user.do	Cross-site scripting vulnerability in middleName parameter of user.do save action	CWE-79

16 Jun 2026 23:14Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

EPSS0.01062

cve-2009-4848 xss cross-site scripting toutvirtual virtualiq pro web security vulnerability