Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSpringSource Security TeamPACKETSTORM:87580
HistoryMar 23, 2010 - 12:00 a.m.

SpringSource Hyperic HQ Cross Site Scripting

2010-03-2300:00:00
SpringSource Security Team
packetstormsecurity.com
16

0.002 Low

EPSS

Percentile

58.8%

JSON
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities  
  
Severity: Moderate  
  
Vendor: SpringSource  
  
Versions Affected:  
SpringSource Hyperic HQ 4.2 pre-release versions  
SpringSource Hyperic HQ 4.1.0 to 4.1.2  
SpringSource Hyperic HQ 4.0.0 to 4.0.3  
Earlier unsupported versions may also be affected  
  
Summary:  
Multiple fields are vulnerable to stored XSS.  
  
Description:  
Data retrieved from the database was used directly when forming the HTML output. This allowed an attacker to enter HTML in many of the input fields and have it used when the field was later displayed to a user. Data is now suitably encoded to make it safe for inclusion in HTML.  
  
Mitigation:  
Hyperic HQ Open Source users should upgrade to Hyperic HQ 4.2  
Hyperic HQ Enterprise 4.1.x users may upgrade to Hyperic Enterprise 4.2 or 4.1.2.1  
Hyperic HQ Enterprise 4.0.x users may upgrade to Hyperic Enterprise 4.2 or 4.0.3.2  
Users of any earlier version should upgrade 4.2  
  
Example:  
Paste the following code into the description field:  
<SCRIPT>alert("XSS Vulnerable")</SCRIPT>  
  
Credit:  
This vulnerability was discovered and reported to SpringSource by Aaron Kulick of CBS Interactive.  
  
References:  
http://www.springsource.com/security/hyperic-hq  
  
  
The SpringSource Security Team  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.9 (MingW32) - WinPT 1.2.0  
  
iQIcBAEBAgAGBQJLqSfoAAoJECc+NjlVtVaxTmIP/1aEX8IK62sHc23F6P0ca4Cp  
HkiUF+z2SJy06h8Ntq01ewoI9VoucWwo7VzdZo2iGtRezDKHD2uuxMCRgDCArNeZ  
sjKRpZozeDPrWOBWe1YUP8shKltomi48oNS0N4mcVg3SQV4Lcu9dR9wppT0W/05C  
1EqnJw75/36C187v1OhoiGDc1c+7V3aW2wndjhO6dgkBiigLd72kmx2zqux9kZWQ  
0qpfqpTO3VxxUc0y47zNEDgI0e4q6iPL8NRvfcTdEI2cZNGWAEpWLeJW7fWAnsWd  
T7b8ziRaQ1ZcHPUmp3CoCmGHGP/xOWhywYZXakuIJQpBUJ4ly46KicBWcHVExawR  
KpQA8f5tZJyxHBn8PTxzz8+MYkwzhesyeHkKLcSfgO/0jfum+Ue1PMUIQQ682CQT  
kEYkEKyUxIRxELaGiCTrpDdHp76MN/KzEl5DhgeOwhfd92M0U43twGNTL6xMOhbh  
fdVEHL4tNeRcvX87mTk1vI0FtptGdsws1DDg2c1dP0fUFMTaySoK0oZG7cXr/NBt  
xU/LYntxjuIQNj98eyPH9YjURGVII+0hcHY0WYVGI55dwxrtNj9Fb5UhiYuIIiQ/  
woiLxIoIbW4bOfzlFEGPbn/TnpN8yzxJn36RbNU9i5hitTbLqBI9TERzM18hOFvj  
+G0/W1h4a8IwgI2Fu59k  
=NxoS  
-----END PGP SIGNATURE-----  
`

Related

securityvulns 2
cve 1
prion 1
ibm 1
securityvulns
securityvulns
CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities
2010-03-24 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-03-24 00:00:00
cve
cve
CVE-2009-2907
2010-03-24 22:45:00
prion
prion
Cross site scripting
2010-03-24 22:45:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to JRuby and Hyperic HQ
2023-01-10 07:32:07

0.002 Low

EPSS

Percentile

58.8%

JSON
Related for PACKETSTORM:87580
securityvulns2cve1prion1ibm1