CVE-2009-2898

Springsource Application Management Suite - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CoreLabs · textwebappsjsp

https://www.exploit-db.com/exploits/10013

View Code ZIP pw:eip

References (9)

[Exploit, Patch] http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS

[Various Sources] http://jira.hyperic.com/browse/HHQ-3390

[Vendor Advisory] http://secunia.com/advisories/36935

[Patch] http://www.coresecurity.com/content/hyperic-hq-vulnerabilities

[Patch, Vendor Advisory] http://www.springsource.com/security/hyperic-hq

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/506935/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/506950/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53660

[Third Party Advisory, VDB Entry] http://www.osvdb.org/58611

Scores

EPSS 0.0127

EPSS Percentile 79.3%

Classification

CWE

CWE-79

Status published

Affected Products (19)

springsource/application_management_suite

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

springsource/hyperic_hq

... and 4 more

Timeline

Published Oct 13, 2009

Tracked Since Feb 18, 2026