Hyperic

CORE-2009-0812-Hyperic HQ Multiple XSS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
     Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs/
               Hyperic HQ Multiple XSS


1. *Advisory Information*

Title: Hyperic HQ Multiple XSS

CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2009-2907: SpringSource Hyperic HQ multiple XSS vulnerabilities

Severity: Moderate

Vendor: SpringSource

Versions Affected:

CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace

Severity: Moderate

Vendor: SpringSource

Versions Affected: Hyperic HQ 3.2, 4.0, 4.1, 4.2-beta1. Earlier,
unsupported versions may also be affected

Description:
The stack trace displayed on the default error page is displayed
verbatim without running it through a sanitizer. This can be exploited

CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list

Severity: Moderate

Vendor: SpringSource

Versions Affected: Hyperic HQ 3.2, 4.0, 4.1, 4.2-beta1. Earlier,
unsupported versions may also be affected

Description:
An authenticated Hyperic user can create an alert with JavaScript code
in the Description field. When a user visits the Alerts list, the


