81 matches found
SpringSource (Multiple Products) - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/38913/info Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site,...
SpringSource (Multiple Products) - Multiple HTML Injection Vulnerabilities
SpringSource Multiple Products - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/38913/info Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data. Attacker-supplied HTML o...
SpringSource Hyperic HQ Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities Severity: Moderate Vendor: SpringSource Versions Affected: SpringSource Hyperic HQ 4.2 pre-release versions SpringSource Hyperic HQ 4.1.0 to 4.1.2 SpringSource Hyperic HQ 4.0.0 to 4.0...
CVE-2009-2897
Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc...
CVE-2009-2898
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users t...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users t...
CVE-2009-2898
Hyperic HQ contains cross-site scripting (XSS) vulnerabilities (CVE-2009-2898) in the web interface. A remote authenticated user can inject arbitrary script via the Description field in the Alerts list, leading to stored XSS, and there are also reflected XSS paths via the GenericError.jsp handlin...
CVE-2009-2897
Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc...
CVE-2009-2898
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users t...
CVE-2009-2897
Hyperic HQ pre-3.2.6.1, 4.0.x pre-4.0.3.1, 4.1.x pre-4.1.2.1 and 4.2-beta1 are affected by XSS in the web UI due to improper handling of numeric parameters in multiple .do endpoints, notably mastheadAttach.do (typeId), Resource.do (eid), and UserAdmin.do (u). The flaw originates from an uncaught ...
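Hyperic HQ Cross-Site Scripting and Script Injection Vulnerabilities
CVE(CAN) ID: CVE-2009-2897, CVE-2009-2898 Hyperic HQ is an open-source IT resource management platform. Hyperic HQ returns the typeId parameter submitted to mastheadAttach.do, the eid parameter of Resource.do, and the u parameter of admin/user/UserAdmin.do to the user without properly validating them, which may lead to reflected cross-site scripting attacks; in addition, input passed to the Description parameter is returned to the user in the alerts list without being properly filtered, which may lead to stored cross-site scripting attacks. SpringSource Hyperic HQ 4.2-beta1 SpringSource Hyperic ...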
CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2009-2898: Stored XSS in alerts list Severity: Moderate Vendor: SpringSource Versions Affected: Hyperic HQ 3.2, 4.0, 4.1, 4.2-beta1. Earlier, unsupported versions may also be affected Description: An authenticated Hyperic user can create an aler...
CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2009-2897: Reflected XSS in stack trace Severity: Moderate Vendor: SpringSource Versions Affected: Hyperic HQ 3.2, 4.0, 4.1, 4.2-beta1. Earlier, unsupported versions may also be affected Description: The stack trace displayed on the default erro...
CORE-2009-0812-Hyperic HQ Multiple XSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Hyperic HQ Multiple XSS 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Advisory URL:...
Core Security Technologies Advisory 2009.0812
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Hyperic HQ Multiple XSS 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Advisory URL:...
Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting Vulnerabilities
Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting Vulnerabilities...
Hyperic HQ 3.2 - 4.2-beta1 Multiple XSS
Exploit for jsp platform in category web applications ======================================= Hyperic HQ 3.2 - 4.2-beta1 Multiple XSS ======================================= Hyperic HQ [1] is an open source monitoring software designed to manage web applications and infrastructure. It auto-discover...
Hyperic HQ 3.2 - 4.2-beta1 Multiple XSS
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Hyperic HQ Multiple XSS 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Advisory URL:...
Hyperic HQ Multiple XSS
Advisory ID Internal CORE-2009-0812 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Date published: 2009-10-02 Date of last update: 2009-11-23 Vendors contacted: SpringSource Release mode: Coordinated release 2. Vulnerability Information Class: Cross site...
Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Hyperic HQ Multiple XSS 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Advisory URL:...