CVE-2009-2907
SpringSource tc Server < 6.0.20.B, AMS < 2.0.0.SR4, Hyperic HQ < 4.2.x - Cross-Site Scripting via Description Field
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-2907. PoCs published by Aaron Kulick.
AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in multiple SpringSource products by injecting a simple JavaScript alert into the description field. The vulnerability arises from insufficient sanitization of user-supplied data.
Description
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
Exploits (1)
This exploit demonstrates an XSS vulnerability in multiple SpringSource products by injecting a simple JavaScript alert into the description field. The vulnerability arises from insufficient sanitization of user-supplied data.