CVE-2009-2405

Redhat Jboss Enterprise Application Platform - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

References (15)

Scores

EPSS 0.0078
EPSS Percentile 73.4%

Classification

CWE
CWE-79
Status published

Affected Products (20)

redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
... and 5 more

Timeline

Published Dec 15, 2009
Tracked Since Feb 18, 2026