Description
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Aaron Kulick · textwebappsphp
https://www.exploit-db.com/exploits/33794
References (2)
Core 2
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38913
Vendor Advisory x_refsource_confirm
http://www.springsource.com/security/cve-2009-2907
Scores
EPSS
0.0024
EPSS Percentile
46.9%
Details
CWE
CWE-79
Status
published
Products (4)
springsource/application_management_suite
< 2.0.0
springsource/hyperic_hq
< 4.0.0
springsource/hyperic_hq
< 4.2
springsource/tc_server
< 6.0.20
Published
Mar 24, 2010
Tracked Since
Feb 18, 2026