CVE-2009-1380

Redhat Jboss Enterprise Application Platform - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.

References (10)

[Vendor Advisory] http://secunia.com/advisories/37671

[Patch] https://bugzilla.redhat.com/show_bug.cgi?id=511224

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54698

[Various Sources] https://jira.jboss.org/jira/browse/JBPAPP-1983

[Vendor Advisory] https://rhn.redhat.com/errata/RHSA-2009-1636.html

[Vendor Advisory] https://rhn.redhat.com/errata/RHSA-2009-1637.html

[Vendor Advisory] https://rhn.redhat.com/errata/RHSA-2009-1649.html

[Vendor Advisory] https://rhn.redhat.com/errata/RHSA-2009-1650.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/37276

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023315

Scores

EPSS 0.0060

EPSS Percentile 69.3%

Classification

CWE

CWE-79

Status published

Affected Products (16)

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_application_platform

... and 1 more

Timeline

Published Dec 15, 2009

Tracked Since Feb 18, 2026