3 matches found
CVE-2009-2907
CVE-2009-2907 affects SpringSource Hyperic HQ-related products (Open Source 4.2.x and 4.1.x/4.0.x lines; Enterprise 4.0.x/4.1.x) and related components such as tc Server 6.x and AMS up to 2.0.0.SR4. Root cause: improper validation of user-supplied input leading to stored cross-site scripting via ...
CVE-2009-2897
Hyperic HQ pre-3.2.6.1, 4.0.x pre-4.0.3.1, 4.1.x pre-4.1.2.1 and 4.2-beta1 are affected by XSS in the web UI due to improper handling of numeric parameters in multiple .do endpoints, notably mastheadAttach.do (typeId), Resource.do (eid), and UserAdmin.do (u). The flaw originates from an uncaught ...
CVE-2009-2898
Hyperic HQ contains cross-site scripting (XSS) vulnerabilities (CVE-2009-2898) in the web interface. A remote authenticated user can inject arbitrary script via the Description field in the Alerts list, leading to stored XSS, and there are also reflected XSS paths via the GenericError.jsp handlin...