Description
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.
Exploits (1)
References (9)
Core References
http://www.osvdb.org/58611 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://www.coresecurity.com/content/hyperic-hq-vulnerabilities (Patch; x_refsource_misc)
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS (Exploit, Patch; x_refsource_misc)
http://jira.hyperic.com/browse/HHQ-3390 (Various Sources; x_refsource_confirm)
http://www.securityfocus.com/archive/1/506950/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://www.securityfocus.com/archive/1/506935/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://www.springsource.com/security/hyperic-hq (Patch, Vendor Advisory; x_refsource_confirm)
http://secunia.com/advisories/36935 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53660 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
Scores
EPSS: 0.0127
EPSS Percentile: 79.6%
Details
CWE: CWE-79
Status: published
Products (18)
springsource/application_management_suite 2.0.0 sr3
springsource/hyperic_hq 3.2 beta_1
springsource/hyperic_hq 3.2.0
springsource/hyperic_hq 3.2.1
springsource/hyperic_hq 3.2.2
springsource/hyperic_hq 3.2.3
springsource/hyperic_hq 3.2.4
springsource/hyperic_hq 3.2.5
springsource/hyperic_hq 3.2.6
springsource/hyperic_hq 4.0.0
... and 8 more
Published: Oct 13, 2009
Tracked Since: Feb 18, 2026