CVE-2009-2907
SpringSource (Multiple Products) - Multiple HTML Injection Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en SpringSource tc Server v6.0.20.B y anteriores, Application Management Suite (AMS) anterior a v2.0.0.SR4, Hyperic HQ Open Source anterior a v4.2.x, Hyperic HQ v4.0 Enterprise anterior a v4.0.3.2, e Hyperic HQ v4.1 Enterprise anterior a v4.1.2.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del campo "description" y en campos de entrada no especificados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-08-20 CVE Reserved
- 2010-03-23 First Exploit
- 2010-03-24 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/33794 | 2010-03-23 | |
| http://www.securityfocus.com/bid/38913 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.springsource.com/security/cve-2009-2907 | 2010-03-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Springsource Search vendor "Springsource" | Application Management Suite Search vendor "Springsource" for product "Application Management Suite" | <= 2.0.0 Search vendor "Springsource" for product "Application Management Suite" and version " <= 2.0.0" | sr3 |
Affected
| ||||||
| Springsource Search vendor "Springsource" | Hyperic Hq Search vendor "Springsource" for product "Hyperic Hq" | <= 4.0.0 Search vendor "Springsource" for product "Hyperic Hq" and version " <= 4.0.0" | - |
Affected
| ||||||
| Springsource Search vendor "Springsource" | Hyperic Hq Search vendor "Springsource" for product "Hyperic Hq" | <= 4.1.0 Search vendor "Springsource" for product "Hyperic Hq" and version " <= 4.1.0" | - |
Affected
| ||||||
| Springsource Search vendor "Springsource" | Hyperic Hq Search vendor "Springsource" for product "Hyperic Hq" | <= 4.2 Search vendor "Springsource" for product "Hyperic Hq" and version " <= 4.2" | beta_1 |
Affected
| ||||||
| Springsource Search vendor "Springsource" | Tc Server Search vendor "Springsource" for product "Tc Server" | <= 6.0.20 Search vendor "Springsource" for product "Tc Server" and version " <= 6.0.20" | b |
Affected
| ||||||