CVE-2009-1380

EUVD-2009-1378
Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
redhatjboss_enterprise_application_platform
4.2:cp01
redhatjboss_enterprise_application_platform
4.2:cp02
redhatjboss_enterprise_application_platform
4.2:cp03
redhatjboss_enterprise_application_platform
4.2.0:cp01
redhatjboss_enterprise_application_platform
4.2.0:cp02
redhatjboss_enterprise_application_platform
4.2.0:cp03
redhatjboss_enterprise_application_platform
4.2.0:cp04
redhatjboss_enterprise_application_platform
4.2.0:cp05
redhatjboss_enterprise_application_platform
4.2.0:cp06
redhatjboss_enterprise_application_platform
4.2.0:cp07
redhatjboss_enterprise_application_platform
4.3:cp01
redhatjboss_enterprise_application_platform
4.3.0:cp01
redhatjboss_enterprise_application_platform
4.3.0:cp02
redhatjboss_enterprise_application_platform
4.3.0:cp03
redhatjboss_enterprise_application_platform
4.3.0:cp04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jbossas4
dapper
dne
gutsy
dne
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/37671
http://securitytracker.com/id?1023315
http://www.securityfocus.com/bid/37276
https://bugzilla.redhat.com/show_bug.cgi?id=511224
https://exchange.xforce.ibmcloud.com/vulnerabilities/54698
https://jira.jboss.org/jira/browse/JBPAPP-1983
https://rhn.redhat.com/errata/RHSA-2009-1636.html
https://rhn.redhat.com/errata/RHSA-2009-1637.html
https://rhn.redhat.com/errata/RHSA-2009-1649.html
https://rhn.redhat.com/errata/RHSA-2009-1650.html
http://secunia.com/advisories/37671
http://securitytracker.com/id?1023315
http://www.securityfocus.com/bid/37276
https://bugzilla.redhat.com/show_bug.cgi?id=511224
https://exchange.xforce.ibmcloud.com/vulnerabilities/54698
https://jira.jboss.org/jira/browse/JBPAPP-1983
https://rhn.redhat.com/errata/RHSA-2009-1636.html
https://rhn.redhat.com/errata/RHSA-2009-1637.html
https://rhn.redhat.com/errata/RHSA-2009-1649.html
https://rhn.redhat.com/errata/RHSA-2009-1650.html