QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2897

Published: Oct 13, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.coresecurity.com/content/hyperic-hq-vulnerabilities

x_refsource_MISC

http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

20091003 CORE-2009-0812-Hyperic HQ Multiple XSS

mailing-list

x_refsource_BUGTRAQ

http://www.springsource.com/security/hyperic-hq

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

hyperichq-mastheadattach-xss(53658)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

20091002 CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace

mailing-list

x_refsource_BUGTRAQ

http://jira.hyperic.com/browse/HHQ-2655

x_refsource_CONFIRM

http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156&#22156

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.