Lucene search
RootSSV:12465HistoryOct 13, 2009 - 12:00 a.m.
Hyperic HQ跨站脚本和脚本注入漏洞
2009-10-1300:00:00
Root
www.seebug.org
13
0.003 Low
EPSS
Percentile
68.0%
CVE(CAN) ID: CVE-2009-2897,CVE-2009-2898
Hyperic HQ是一个开源的IT资源管理平台。
Hyperic HQ没有正确地验证提交给mastheadAttach.do的typeId参数、Resource.do的eid参数以及admin/user /UserAdmin.do的u参数便返回给了用户,这可能导致反射式跨站脚本攻击;此外由于没有正确地过滤传送给Description参数的输入便在警告列表中返回给了用户,这可能导致存储式跨站脚本攻击。
SpringSource Hyperic HQ 4.2-beta1
SpringSource Hyperic HQ 4.1
SpringSource Hyperic HQ 4.0
SpringSource Hyperic HQ 3.2
厂商补丁:
SpringSource
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0812
2009-10-05 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-10-06 00:00:00
CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list
2009-10-06 00:00:00
CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace
2009-10-06 00:00:00
seebug
seebug
Hyperic HQ 3.2 - 4.2-beta1 Multiple XSS
2009-10-02 00:00:00
Hyperic HQ 3.2 - 4.2-beta1 - Multiple XSS
2014-07-01 00:00:00
coresecurity
coresecurity
Hyperic HQ Multiple XSS
2009-10-02 00:00:00
exploitdb
exploitdb
prion
prion
Cross site scripting
2009-10-13 10:30:00
Cross site scripting
2009-10-13 10:30:00
cve
cve
CVE-2009-2898
2009-10-13 10:30:00
CVE-2009-2897
2009-10-13 10:30:00