CVE-2009-2897

Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do.  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
springsourceapplication_management_suite
2.0.0:sr3
springsourcehyperic_hq
3.2:beta_1
springsourcehyperic_hq
3.2.0
springsourcehyperic_hq
3.2.1
springsourcehyperic_hq
3.2.2
springsourcehyperic_hq
3.2.3
springsourcehyperic_hq
3.2.4
springsourcehyperic_hq
3.2.5
springsourcehyperic_hq
3.2.6
springsourcehyperic_hq
4.0.0
springsourcehyperic_hq
4.0.1
springsourcehyperic_hq
4.0.2
springsourcehyperic_hq
4.0.3
springsourcehyperic_hq
4.1.0
springsourcehyperic_hq
4.1.1
springsourcehyperic_hq
4.1.2
springsourcehyperic_hq
4.2:beta_1
springsourcetc_server
6.0.20:b
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS
http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156&#22156
http://jira.hyperic.com/browse/HHQ-2655
http://secunia.com/advisories/36935
http://www.coresecurity.com/content/hyperic-hq-vulnerabilities
http://www.osvdb.org/58608
http://www.osvdb.org/58609
http://www.osvdb.org/58610
http://www.securityfocus.com/archive/1/506935/100/0/threaded
http://www.securityfocus.com/archive/1/506936/100/0/threaded
http://www.springsource.com/security/hyperic-hq
https://exchange.xforce.ibmcloud.com/vulnerabilities/53658
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Hyperic_HQ_Multiple_XSS
http://forums.hyperic.com/jiveforums/thread.jspa?messageID=22156&#22156
http://jira.hyperic.com/browse/HHQ-2655
http://secunia.com/advisories/36935
http://www.coresecurity.com/content/hyperic-hq-vulnerabilities
http://www.osvdb.org/58608
http://www.osvdb.org/58609
http://www.osvdb.org/58610
http://www.securityfocus.com/archive/1/506935/100/0/threaded
http://www.securityfocus.com/archive/1/506936/100/0/threaded
http://www.springsource.com/security/hyperic-hq
https://exchange.xforce.ibmcloud.com/vulnerabilities/53658